IT PRO PERSPECTIVE


James 





How the Economic Downturn is Driving IT Innovation 

IT pros consider alternative solutions 


Many IT pros have been forced to cut budgets and
trim staff over the past 12 months, resulting in 
fewer people working longer hours to do the 
same amount of work. These trying economic 
times have led some IT pros to look for solutions 
they may not have considered in better economic 
conditions. Two IT vendors are well-positioned to fit the needs of 
resource-starved IT staff: Spiceworks and NComputing. 

Spiceworks: Free IT Management Software 

Launched in 2006, Spiceworks (www.spiceworks.com) is a free, 
ad-supported IT management app aimed at small and medium 
businesses with up to 500 devices. Spiceworks can be used to 
monitor, inventory, and troubleshoot IT networks. It also includes 
a fully-featured Help desk module, and the latest version adds a 
slick visual network mapping feature and support for management 
plug-ins from Intel, Trend Micro, Microsoft, and other vendors. It 
also adds a community-powered Windows event feature that lets 
IT pros leverage the knowledge of thousands of other Spiceworks 
users in the Spiceworks IT Network to help troubleshoot and solve 
network problems. Scott Abel, co-founder and CEO of Spiceworks, 
claims that Spiceworks is currently used by more than 700,000 IT 
pros, who in turn support more than 22 million end users. 

Craig McCarty, the corporate IT manager for Soil & Environmental
Consultants in Raleigh, NC, has been a Spiceworks customer
since version 1.5. "I was initially looking for an inventory system and 
Help desk application, and Spiceworks seemed to have the features 
I needed," McCarty told me in a phone interview. "Being very easy 
to use—and free—made it an even more attractive product." 

McCarty is his organization's only IT administrator; he uses Spiceworks
to manage 35 employees using about 70 different computing
devices. McCarty sees Spiceworks' extensive online community— 
which is integrated tightly with the Spiceworks application—as the 
app's most valuable feature. "The community is tightly integrated 
with the product," McCarty said. "The community provides valuable 
information that I couldn't get from just using the application alone." 

NComputing: The Next Generation Thin Client? 

Over the past few years, rapid advances in virtualization, network
performance, and computing power have combined to create a
unique environment for a new class of computing devices. NComputing
(www.ncomputing.com) president and CEO Stephen Dukker
has spent the past few years creating an ultra low-cost desktop
virtualization platform that he says offers huge improvements
over the traditional thin-client computing approach.

The NComputing model has multiple dumb terminals sharing
a single, low-cost server running NComputing's custom desktop
virtualization software. Dukker—who is also the former chairman
of low-cost PC manufacturer eMachines—said that NComputing
has deployed at least 2 million seats in more than 100 countries
over the past few years, with most business coming from countries
outside the United States. NComputing inked a deal with the United
Nations to provide more than 500,000 computer workstations in
developing nations and joined forces with manufacturing giant LG
Electronics to embed their virtualization software in a new line of
LCD monitors that can serve thin-client workstations, driving down
the cost of a potential NComputing solution even further.

So what does NComputing offer that traditional thin-client 
solutions don't? "We provide a much better PC experience for the 
end user," says Dukker. "Our system doesn't provide a laggy or
'half-a-PC' experience. Our desktop virtualization software is developed
in-house. Let's put it this way: It's as if VMware married Citrix and 
had a better-looking kid." 

Matt Kandefer, a programming supervisor at Altek Electronics, 
opted for the NComputing platform to supply workstations providing 
instructions to employees working on an assembly line. In a phone 
interview, Kandefer told me that the switch was roughly half the cost 
of comparable systems from other vendors. "We've had very few 
problems. We did have some initial issues with virus scan software, 
but NComputing helped us solve those problems," Kandefer said. 
"We started off with traditional Windows XP workstations—which ran 
great—but this [NComputing] approach is less expensive and gets us 
out of being forced to upgrade our software every 5 years."

InstantDoc ID 102356 

JEFF JAMES (jjames@windowsitpro.com) is Editor-in-Chief, Web Content 
Strategist for Penton Media's IT Publishing Group. He specializes in server 
operating systems, systems management, and server virtualization. 


Talk Back: Tell Us
What You Think

We're always eager to hear
reader feedback on everything
we do here at Windows IT Pro,
so I encourage you to let us
know what's on your mind.
Please drop me an email at
jjames@windowsitpro.com,
follow me on Twitter
(Twitter.com/jeffjames3), or give me a
call directly at 970-203-2775.
READER FEEDBACK




Windows 7 Licensing 

Paul Thurrott's commentary about Windows 
7 licensing ("Pricing Malfunction," InstantDoc
ID 102303) hit home with me. I'm an IT professional,
and at home I have two netbooks
(running Windows XP Home Edition), four
PCs (one running XP Home, three running XP
Professional), and one Windows Home Server
(WHS) system. I'm very excited about Windows 7
and would be happy to pay $50 per
PC to upgrade to Windows 7 Home Premium.


I guess I'll watch closely for special pre-sales 
pricing from consumer electronics stores and 
jump aboard when I can. I wouldn't upgrade 
my PCs to Windows 7 at a price of $100 or
more per PC—$600 (or more) in OS licensing
won't receive approval from my CFO (i.e., my
wife). But I should be able to obtain her sign-off
at $300. The folks in Redmond should take
Paul's article to heart! 

—J. Christopher Graham 

PowerShell Primer 

I've been enjoying Robert Sheldon's PowerShell
series, including "Save Your PowerShell
Code in Profile and Script Files" (June 2009,
InstantDoc ID 10178), for several months
now. He has provided an intuitive, easy-to-follow
description of PowerShell essentials.




Any administrator who isn't comfortable 
with the command line should be following 
this series. Kudos to Robert. I look forward to 
future articles from him. 

—Jeff Davalos 

Badda Bing! 

I thought you might like to know that Australia
Post has had a service called Bing for
quite a while. The domain is bingmail.com.au,
but the service is obviously branded Bing.


(Editor's note: See Figure 1.) I wonder how 
much research Microsoft did before naming 
its new search engine. 

—Jeff Neal 

I read Paul Thurrott's WinInfo exclusive, "Bing
Off to a Fast Start" (InstantDoc ID 102253).

On my current PC, since installing Microsoft 
Internet Explorer 8 (IE8), the Google Desktop 
search display is hobbled: I have to turn on 
Compatibility mode for 127.0.0.1 to get the 
search results to appear. If I remove the site 
from Compatibility mode once the search 
results have appeared, it works fine for the 
next search--until I reboot. 

On the new PC I'm setting up, the Microsoft
installation defaults to Bing and Outlook
Instant Search: This probably accounts
for the market share Bing is taking! It makes
Google Desktop search inefficient, as all the
mail is being indexed twice. Incidentally,
Google Desktop does a complete job of
searching files for content, often finding
results that IE doesn't.

—Colin

Move to Windows 7? Probably Not

With Windows 7, Microsoft has completely
missed the point: Most business
users don't need more bells and whistles;
they need better security, accountability,
traceability, and trackability. You
can't get these features from an OS that
has been designed for Internet interoperability
from the ground up.

My OS of choice at work remains
Windows 2000 Server SP4, which runs
Mozilla Firefox, Mozilla Thunderbird,
AutoCAD LT 2002, and OpenOffice.org
3.0 very well. My home PC runs
Windows XP SP2. After reading horror
stories about installing XP SP3 on previously
well-functioning SP2 systems, I
decided not to do it. The PC doesn't get
updates anymore. It runs a decent firewall
and antivirus solution, and so far it
seems reasonably free from hassle and
recovers well from failover. It just can't
run some legacy applications.

You might wonder why I haven't
switched to Ubuntu or some other
flavor of Linux. The answer is that my
AutoCAD software is mission-critical,
and the Linux alternatives are poor in
this regard. Also, I've recently come to
rely on PDF documents, and support for
generating them in Linux is patchy for
many applications. (However, in both
cases, support is improving.)

Burning bridges, putting in new
features nobody asked for, indefinitely
postponing the Great Windows Code
Re-Write, Microsoft is gaining a reputation
for bells and whistles at all costs,
including computer security. That's not
a sustainable plan in the midterm, let
alone the long term.

—Michael O'Neill

InstantDoc ID 102330 
Install, Maintain, and Troubleshoot Windows Server 2008

It's time to get up to speed on Windows Server 2008! Whether you
intend to roll out Server 2008 immediately or in three years, you need
to know exactly what benefits, challenges, and opportunities lie in the
latest release. Windows expert and best-selling author Mark Minasi talks
about what's changed from Server 2003 to Server 2008.
windowsitpro.com/go/LeftBrain/InstallMaintainTroubleshootWindows08

The Essential Guide to Desktop Virtualization

Learn how thin-client virtual desktop infrastructure (VDI) can improve ROI
and reduce total cost of ownership. Many companies are turning to VDI,
which moves data, processing, and applications from the desktop onto
shared, centrally-managed hardware resources. Read this Essential Guide
to know what to consider when planning for virtualization.
windowsitpro.com/go/EssentialVirtualDesktop

SharePoint Success, eLearning series with Dan Holme

On September 24, learn from the best, get your questions answered, and
take away prescriptive guidance for successful SharePoint governance and
administration. Get more info about the speaker, sessions, and how to
reserve your seat at:
windowsitpro.com/go/SharePointSuccesseLearning

Deliver Agile IT Infrastructure through Virtualization

Watch this on-demand examination of how one company created a simple and
scalable disaster recovery environment using CA ARCserve Backup and
Microsoft Hyper-V Server 2008. You'll learn how virtualization can help you
control costs, protect data, and minimize downtime as your organization grows.
windowsitpro.com/go/ReduceCostsDeliverAgileIT

Humphries 

The missing link to 
IT resources 



Are You Into Server 2008 R2? 

Explore Windows IT Pro resources to see if Windows 
Server 2008 R2 is right for you 


As Paul Thurrott reported from
TechEd 2009 in "TechEd
2009: Windows 7, Windows
Server 2008 R2, and More
Microsoft News" (InstantDoc
ID 102102), Microsoft is planning
a surge of product releases this year
and next that will dominate the IT industry
the way George Lucas's science fiction
releases took over the movie theaters in the
late 1990s. And just like the mixed reactions
to some of the characters in the new Star
Wars movies (Jar Jar Binks, anyone?), I'm
curious to see what side IT pros take on the
upcoming Microsoft releases.

So over the next few months, I'll be
providing you with food for decision fodder
with resources on Windows 7, Windows
Server 2008 R2, and Microsoft Office 2010.
This month, in honor of my favorite Star
Wars character—the adorable R2D2, friend
of all humans and droids alike—I'm providing
some resources that can help you determine
how friendly you'd like to become with
Server 2008 R2.

"Windows Server 2008 R2: Not Your 
Average R2," InstantDoc ID 100766: Paul 
Thurrott gives some background on Microsoft's
recently adopted release "mantra" and
how its releases aren't what they used to be. 

"Inside Windows Server 2008 R2," 
InstantDoc ID 101706: Michael Otey takes 
a look at some of the most important new 
features in Server 2008 R2. 

Deep Dive into Windows Server 2008
R2, windowsitpro.com/go/elearning/WS08R2:
On August 20, 2009, MVP John
Savill will lead 3 lessons on Windows Server 
2008 R2, covering new capabilities, enhanced 
services, and architectural changes. 


Windows Server 2008 R2 Audiocast
with Ward Ralston,
windowsitpro.com/go/ITTV/Server2008R2Audiocast: Windows
IT Pro editors Jeff James, Sheila Molnar,
Michael Otey, and Michele Crockett interview
Microsoft Group Product Manager
Ward Ralston about some of the new features
found in Windows Server 2008 R2.


Understanding Windows Server 2008
R2 Live Migration (parts 1 and 2),
windowsitpro.com/go/ITTV/Server2008R2LiveMigration:
In these whiteboard videos, John
Savill explains the Live Migration and Cluster
Shared Volume features.

Once you get a feel for Server 2008 R2,
let me know how it makes you feel—and
if you think that it's worth upgrading to!
Now all that's left is for someone to produce
a celebratory song for Microsoft like the
one John Williams (apparently, "the man")
honored Star Wars in his one-man acoustic
tribute (tinyurl.com/6b4f7z). You can send
your release songs to
christan.humphries@penton.com.

InstantDoc ID 102288 
Thurrott



NEED TO KNOW 


What You Need to Know About Google Wave 


Google unveiled Google Wave, an online service that will
provide a personal communications and collaboration 
hub for users and an extensible platform for developers. 
The service isn't available yet for testing. But Google 
Wave is an important new web platform, and it presents 
a credible threat to Microsoft's online efforts. Here's 
what you need to know about Google Wave. 

Cutting Through the Hype 

Google Wave is Google's Utopian attempt to rewrite the rules of 
email, instant messaging, document and image collaboration, and 
other tasks. It is an uber-service, the type of over-thinking we typically 
associate with Microsoft. 

Google notes that today's email and IM solutions emulate communication
models that date back to the 1960s. Google Wave, it says,
is an attempt to rethink these activities.

In Google's view, the web has already won the platform wars, 
which is convenient since Google primarily makes web-based 
services. (And Google Wave is being open-sourced because the 
company would like to see this technology adopted and extended 
as broadly as possible. Google notes that it would like to see Wave 
servers become as ubiquitous as SMTP servers.) 

How It Works 

Individuals engage in "hosted communications" called waves. Waves
can consist of any combination of conversations (such as email and 
IM) and documents (collaboration), providing rich interaction via 
text, photos, videos, maps, and more, according to Google. 

If you think of how an email thread and an IM conversation might 
be combined into a single entity, that's pretty much a wave. A playback 
capability lets participants "rewind" the wave at any point and review 
what's already happened. You can edit any part of the wave at any 
time, and it's always possible to see who did what. 

Some Wave capabilities Google has highlighted so far include real-time
collaboration, natural language tools (including context-sensitive
spell checking), and Google Wave's extensibility model, which lets 
third-party developers add gadgets to the platform and embed waves 
in other sites. 

Google Wave runs completely in the browser. It's based on HTML
5 and Google Web Toolkit, and its basic layout is similar to Microsoft
Outlook's. It features a multi-pane ("panel" to Google) interface with
Navigation ("folders" like Inbox) and Contacts panes on the left, the
selected folder in the middle (which Google calls the Search panel),
and, on the right, the selected wave (the message, in an email application).
Similarity to Outlook and other email applications was no doubt
intentional, to help users make the transition to this new communications
and collaboration model.

When you create a new wave, you typically start as you would 
with an email message, by typing a message (as contrasted with an 
IM where you select a contact or group of contacts first). You can 
then add users—or participants, as Wave calls them—using a pop-up 
window. 

To users participating in a wave, the experience is very much like 
email. You hit Reply to write your response. This can happen offline, 
where the conversation is conducted like a long-distance chess match 
via email. But waves go beyond email by providing for live, interactive 
conversations—like IM—and by providing more granular ways to 
converse. 

With IM, you can typically see that the other participant is typing 
a message (because it will say something like "Rafael is typing...") but 
you don't see the message as it's being typed. With Wave, you do.

In the future you'll be able to drag and drop multimedia content, 
like pictures and video, into a wave. This feature isn't supported by the 
HTML 5 standard, so Google is working to get it added. 

You'll also be able to embed a wave in a traditional web site, to 
allow others to participate in a conversation from the web, adding 
their own comments and replies. (You can also just create waves from 
these sites and forgo the Wave web app entirely if you want.)

What It Means 

Google Wave can both replace existing email, IM, and social networking
solutions and work well with them; it's your choice. For Microsoft,
the implications are enormous.

With Google Wave, it's clear that Google's decision to offer services 
piecemeal over time wasn't random but was in fact a strategy. It has 
created, in effect, a communications and collaboration engine for the 
cloud-computing wave. 

To read more about Google Wave and what it could offer IT pros, 
as well as its challenge to Microsoft, see "First Look: Google Wave" at 
www.winsupersite.com/alt/google_wave_fl.asp.
TOP 10 WAYS to Optimize Remote Office Disaster Recovery

Dealing with disasters at remote offices, where you likely have little or no technical staff, can be challenging — and, if
you're not careful, expensive. Here are our top 10 tips for optimizing branch office DR while achieving overall improvements
in cost efficiency.

1. Define RPOs and RTOs

Disaster recovery experts have coined two useful terms to help drive the business continuity
process: Recovery Time Objective (RTO) and Recovery Point Objective (RPO). For
remote locations, the RTO is the amount of time (e.g., 24 hours) a branch office can
afford to be down before business operations are seriously affected. Think of this as the
"response time" of your DR plan: your aim is to be functional in a disaster within this
interval. The RPO is the point in time (e.g., last night's backup) to which your DR plan will
restore data during a disaster. In most disasters some data loss is unavoidable; the RPO
defines just how much data you can lose and still restart operations during an outage.
Different levels of disaster may well have different RPOs and RTOs. A fire that temporarily
moves you to another building would have shorter RPO and RTO values than a flood
that moves you to another city.

2. Enumerate assets

To adequately recover from any disaster you must know what assets you possess at
each remote location and their function in your operation. Have local staff prepare a
detailed inventory of every hardware device and software application they use and
how they interrelate. Once you receive the inventory, prioritize it to rank assets by importance.
You may be able to live without some assets, such as paper records, for a
time, or even indefinitely. You can drop those assets from your DR process as long as
you document how you'll get along without them (e.g., recreate paper records from
computer files).

3. Identify local technical resources

Branch offices seldom have full-time expert IT staff. Instead, HQ staff usually rotate
through each location for initial setup and periodic maintenance. But in a disaster your
HQ staff may well be unable to come onsite to help, in which case you'll need to bring
in local talent. Identify IT consultants and technicians near each remote site who can
become your remote eyes and hands in the event of a disaster. A useful screening
technique is to solicit specific DR ideas from several providers, which most IT pros are
happy to provide at no charge. You can evaluate their responses to help assess their
ability to assist in an emergency. Ultimately you may want to engage someone local
on a retainer basis, to ensure that you get priority handling in a disaster. That will cost
money, but if you keep that resource involved in your DR planning
and testing processes you'll get valuable return on that investment.

4. Obtain management buy-in

Up to this point you've spent very little money, if any, on DR planning
and implementation. Before going to management to request funds
to continue, expend some legwork enlisting upper management
support for the idea of investing in DR. A common misconception
in executive circles is that DR is just an expensive insurance policy -
one that can be jettisoned in times of economic stress. You can pave
the way to management understanding of DR by documenting the
cost of foreseeable disasters: the value of lost business due to internal
risks like corporate theft, fire, flood, or other serious emergency.
You should also identify ways that DR implementation will improve
overall organizational efficiency and ultimately lower the total cost
of operation. DR processes can help achieve compliance with corporate
regulatory codes, such as Sarbanes-Oxley and HIPAA. Centralizing
critical activities, such as email, can reap savings in economies
of scale not achievable in distributed processing schemes. Look for
an all-in-one model that provides more than just backup or virtualization.

5. Employ disk-to-disk-to-cloud backup

The traditional backup strategy employed by branch offices is to
copy critical data files from local servers and computers every night
to tape, which is then taken offsite the next day. The traditional way
this strategy fails is that, during a disaster, the tapes turn out to be
blank or incomplete. This failure mode results from the relegation of
a critical DR function to non-technical staff members untrained to
recognize backup failures when they occur, letting them propagate
to the point of zero protection. The best circumvention of this traditional failure strategy is to keep backup processes under the
control of qualified IT professionals. One way to do this is via disk-to-disk backup systems. Instead of backing up to tape every
night, which results in a blind-faith backup package, the disk-to-disk approach sends nightly backups first to a separate local
disk store. This snapshot can then be written to tape during the day, without interfering with daytime business, and can be
inspected and monitored by central IT staff. Integrate step 6, virtualization for advanced business continuity. Even better, the
disk snapshot can be backed up offsite over the branch office's likely-dormant Internet link at night, using differential copies
and cheap cloud storage, to provide a backup to the backup, as it were. In a disaster the "cloud" backup could be used to fire up
cloud-based servers to get your operation up and running more quickly from a remote location.

6. Virtualize

If there was ever a magic bullet for DR, virtualization is it. You can use virtualization to improve DR while simultaneously lowering
costs. Server virtualization lets you encapsulate branch-office applications into independent hard disk images that can
be easily moved between servers at the branch or brought online at a remote location. A traditional branch server, such as a
Microsoft Exchange or Active Directory server, is intimately bound to its host hardware, requiring hours or days to rebuild from
backup media. Virtualizing that server lets you recover by simply spinning up the HD image on a commodity virtualization host,
which can be kept as a hot onsite spare or brought in quickly at minimal cost. If you replicate snapshots offsite, you can spin up
that server instance at some other location, including a cloud hosting provider, just as easily.

7. Upgrade to manageable devices

Remote offices tend to accumulate a variety of one-off, inexpensive computing and network devices. Things such as that cheap
Ethernet switch from the local office supply store, the consumer-grade UPS drafted as a site's primary power protection. All of
these devices share two attributes: inconsistency and unmanageability. Enterprise-grade devices are remotely manageable,
providing Web, SSH, SNMP, and/or telnet access for configuration and monitoring purposes. Managed devices help you keep
tabs on the status of a remote network - including potentially game-changing unapproved hardware and software changes
- letting you head off some disasters before they occur. By tracking data from managed devices you can establish a baseline
normal behavior profile for a site; deviations from the baseline can indicate the need of upgrades or policy changes. And manageability
greatly enhances the ability of your support staff to handle routine break-fix and add-drop-change chores.

8. Install remote sensors

Many organizations depend on their local staff to provide information about the environmental conditions at a remote location.
Knowing the temperature of a remote data closet, for example, can give you valuable intelligence about power failures,
the progress of a forest fire or other natural disaster. Alas, during a disaster there may be no staff onsite to give you that data,
even though Internet or other wide-area communications may continue to function for some time. Fortunately, low-cost environmental
sensor packages are both cheap and easy to deploy. Basic systems include temperature, humidity, and dry contact
readings. Advanced products add airflow, audio, light-level, and even video monitoring. Strategically locating one or more of
these sensor "pods" in a remote office can give you critical data to guide your actions as a disaster unfolds.

9. Deploy an NMS

A Network Management System (NMS) continuously probes all your manageable network devices, including those at remote
offices, tracking various values to give you a complete picture of your enterprise network health. This sounds like a complicated
bit of IT technology to get your arms around, but today's IT pro is blessed with a plethora of both simple and low-cost NMS
solutions. There was a time when rolling out an NMS required setting up a NASA-like operations center with giant screens and
24-hour staffing. These days, even NASA gets by with a handful of desktop computers, and a basic NMS can be run entirely
from your current desktop. At the low end are Software-as-a-Service (SaaS) offerings, which range from free (ad-based) web
sites to inexpensive month-to-month paid services. These employ a local software agent, or "crawler", that runs on a local PC at
each site you want to monitor. The crawler collects data about devices and feeds it to the SaaS provider's data center, where the
information is delivered to you via a customizable web dashboard. The SaaS approach gets you an NMS in minutes, but can be
a single point of failure in a disaster. More sophisticated NMS are still not really expensive for the value they deliver. You'll have
to dedicate one or more desktop computers as full-time NMS stations and you may have to install instrumentation modules
at remote sites to scan local devices. Once deployed, an NMS pays for itself in early warning of potential disasters and the assistance
it lends to your support staff for routine tasks.

10. Collocate critical central services

Organizations with multiple remote locations often centralize critical applications, such as email and CRM, at an HQ data center.
But a disaster at HQ then results in the loss of all these services to all branches. You could replicate these functions at a backup
data center, and switch to the backup site during a disaster, but that requires periodic testing to ensure that the backup site is
continuously ready. A better solution is to simply collocate these central services in a hardened data center and run them from
that location routinely, retaining the HQ data center as the backup site. Collocation data centers achieve huge economies of
scale, spreading the cost of carrier-grade power, cooling, and network connectivity across a large number of customers. Thus
bandwidth costs at a colo are usually much lower than they would be at an HQ site, which must pay for last-mile broadband
connectivity. Thus collocating can often improve overall performance of centralized apps for remote offices while letting you
reduce HQ connectivity costs. You can replicate data from the colo to backup servers at HQ, so that during the unlikely event of
a colo disaster, branches can continue to operate, albeit with somewhat degraded performance.
WINDOWS POWER TOOLS


Minasi 

"Hybrid sleep tries to 'idiot-proof' the whole
sleep/hibernation concept."



Powercfg Gets Sleepy 


Control hibernation with Vista/Server 2008's revitalized power-management utility


Last month, in "Powercfg Revisited" (InstantDoc ID
102005), I introduced Windows Vista/Windows Server
2008's command-line power-management tool, Powercfg,
noting that although it first appeared in Windows
XP SP2, its Vista and Server 2008 incarnation changes
almost everything, making it a nearly new tool that's
worth a look. (For a useful Powercfg tip that I didn't have room for
last month, see the sidebar "Powercfg Plus WinRS.") This month,
let's dig a little more deeply into what's different about the new
Powercfg.

Hibernation Consternation 

In XP, you could configure a system, after a certain amount of
inactivity, to go to sleep (i.e., the screen shuts off, the hard disk
stops, the CPU's clock rate drops considerably, but the system still
consumes some power) and, after a further period of inactivity, to
hibernate (i.e., the system writes the current state of the system's
RAM and processor registers to disk, then shuts down and stops using
power). I was accustomed to that kind of control, so when I sat down
to tweak my new Vista machine's sleep and hibernation behavior, I was
surprised to find that the word "hibernate" didn't appear in the
Control Panel Power Options applet.

Check it out for yourself: On your out-of-the-box Vista machine,
open Control Panel and access the Hardware and Sound area.
Under Power Options, click Change power-saving settings. Under
your selected power plan, click Change power settings, then
Change advanced power settings in the resulting dialog box. On the
Advanced settings property page tab that appears, click the plus sign
next to Sleep and you'll see just one option—Sleep after. You'll find
that you can control only how many minutes of inactivity Vista
should wait before putting your system to sleep. Vista blends the
notions of sleep and hibernation into "hybrid sleep." If the system
sleeps so long that it's almost out of power, it automatically
hibernates itself and shuts down its power.

This functionality isn't terrible—I'm sure Microsoft had its
heart in the right place when it came up with it—but I don't trust
it. If I plan to walk around with my laptop for, say, 30 minutes,
I've always preferred to put it into hibernation so that I don't have
to worry about it overheating in the laptop bag because of its
reduced-but-still-active power use. (I've seen this happen.) That
way, I also know that my system isn't draining its battery while it's
stowed away. I can't perform that sort of configuration on a new
Vista system, though: Microsoft's notion of hybrid sleep tries to
"idiot-proof" the whole sleep/hibernation concept, and the result is
that I'm the one that's overheated.

Powercfg to the Rescue

A Powercfg switch in Vista lets you configure Vista's power-saving
functionality the way you want. Microsoft calls it "turning on
hibernation"—a misleading label because it's not hibernation that's
enabled or disabled but rather your ability to control when
hibernation occurs. Anyway, there's no Vista GUI that lets you
"enable hibernation," but you can do it from an elevated command
prompt:

powercfg -h on

(Note that this command might cause Vista to create a large
hiberfil.sys file, which the system uses to store the contents of RAM
during hibernation.) Once you run that command, reopen the Advanced
Settings dialog box and you'll see that the Sleep option now has three
choices rather than one: Sleep after, Allow hybrid sleep (a yes/no
question that lets you choose to employ hybrid sleep), and Hibernate
after. At this point, I can now tweak my system's sleep and
hibernation behavior independently—a victory for personal choice!

In theory, your system might lack the hardware necessary to
support the whole notion of hibernation. In that case, all the
Powercfg commands in the world won't have any effect. That's an
unlikely scenario on any modern hardware, however, and I can't
imagine someone running Vista on a system that isn't modern.

InstantDoc ID 102240


Powercfg Plus WinRS

One aspect of Powercfg's usefulness involves WinRS. You might recall from
a previous column that WinRS is the new, secure remote command shell
for Vista and Server 2008, as well as—with a Microsoft hotfix—XP and
Windows 2003. As with Telnet, its insecure older relative, one of WinRS's big
selling points is that it provides a remote control tool that requires only a
tiny amount of bandwidth. So, Powercfg in conjunction with WinRS offers
you a minimum-bandwidth way to remotely control Windows power
management.


MARK MINASI (www.minasi 
Otey

"None of these tools are bait-and-switch trial 
versions that will time out on you." 




Cool Free Tools for Windows Admins 

Recover files, edit source code, scan your network, and more—for just the right price 


They say you get what you pay for, but sometimes you can
get a whole lot more than you pay for. In this column, I'll
share ten of my favorite free tools that Windows administrators
can use to deliver a whole lot of value for absolutely no money.
Although some of these utilities have more fully featured
commercial siblings, none of these tools are bait-and-switch
trial versions that will time out on you.

Desktop Restore—It drives me crazy when some application 
changes my screen resolution and messes up my carefully 
arranged desktop. Desktop Restore is a tiny shell extension that 
records the position of your desktop icons and lets you easily restore 
your favorite desktop layout when such a tragedy occurs. You can get 
Desktop Restore from www.midiox.com/desktoprestore.htm. 

Paint.NET—Paint.NET is a huge improvement over Windows'
built-in Paint program for image manipulation. Paint.NET lets 
you work with multiple images. It also has features such as 
layers, gradients, and a cool 3D image rotation. You can download 
Paint.NET from www.getpaint.net/download.html. 

Notepad++—I've used several different source-code editors,
but Notepad++ has become my favorite. It features a tabbed
interface, syntax highlighting for all popular programming and
scripting languages, bracket matching, and macro recording. You
can download Notepad++ from
notepad-plus.sourceforge.net/uk/download.php.

XML Notepad—Notepad++ can do basic XML editing, but
Microsoft's XML Notepad is a specialized XML editor with
a small footprint. It has a Tree View and a Node Text View
and a built-in XML Diff capability. XML Notepad is handy for
manually editing Hyper-V virtual machines (VMs). You can
find XML Notepad at
www.microsoft.com/downloads/details.aspx?familyid=72d6aa49-787d-4118-ba5f-4f30fe913628.

InfraRecorder—Windows OSs don't provide graphical tools
for burning ISO images. Although InfraRecorder doesn't 
support all the DVD and CD drives that are available, it can 
burn ISO images as well as create data and audio CDs and DVDs 
on most common drives. You can download InfraRecorder from 
infrarecorder.org/?page_id=5. 


Zoomit—What's a list of free tools without something from
Sysinternals? If you give presentations and demos, you might 
want to check out Zoomit. Zoomit lets you magnify portions 
of your screen as well as draw on and annotate the screen. You can 
find Zoomit at technet.microsoft.com/en-us/bb897434.aspx. 

Lansweeper—Lansweeper is a network inventory tool that
performs hardware scanning, software scanning, and reporting
on Active Directory (AD) users. Scanning is done using
WMI and remote registry access. Lansweeper requires SQL Server
2000 or later on the backend, and it has a convenient option to
include SQL Server 2005 Express as part of its installation. You can
get Lansweeper at www.lansweeper.com.

WinPE 2.1—Windows Preinstallation Environment (WinPE) is
a bootable copy of the Vista core that essentially lets you make
a Windows command-line boot recovery DVD. Until recently,
WinPE was available only to Software Assurance customers, but
Microsoft has made WinPE available as a part of the Windows
Automated Installation Kit (WAIK), which you can download from
www.microsoft.com/downloads/details.aspx?FamilyID=94bb6e34-d890-4932-81a5-5b50c657de08.

PING—I tend to shy away from Linux-based tools, but I've
found PING (Partimage Is Not Ghost) really useful—yes, even 
for Windows users. PING makes a sector-based image copy of 
a disk partition. The bootable PING ISO tool is useful for copying a 
Windows boot partition when the system disk is full and you want to 
put the image back on a bigger disk. You can download PING from 
ping.windowsdream.com. 

NTFS Undelete—NTFS Undelete is the kind of tool that can
really save your bacon when you need to recover a file and
you don't have a backup. NTFS Undelete recovers deleted
files that are no longer in your recycle bin. I also recently used it to
successfully recover a corrupted disk partition. NTFS Undelete can
be found at ntfsundelete.com.
"Xperf's powerful stackwalking feature lets
you view functions executed during a specific 
time period and determine the most 
processor-intensive operations." 


Under the Covers with Xperf 

Use Xperf to find the most CPU-intensive tasks executed in a specified timeframe 


One of Xperf's more powerful features is stackwalking,
which lets you capture and view functions executed
during a specific time period and find processor-intensive
operations. Stackwalking shows you where processor time is
spent and the path of a process's execution that led up to the
expensive operation. Xperf can also help reveal the impact of
configuration changes on a system by collecting aggregate data
and parsing it for information about performance or
resource-consumption patterns. Here I'll show you how to capture
a stackwalking trace and interpret the data.

Capturing a Stackwalking Trace 

You'll need to perform these tasks to use Xperf to capture a
stackwalking trace:

Set system variables for symbol loading. On the target system, 
the best way to ensure that your symbols are properly configured is 
by setting the following two system variables. You can set these two 
variables via the command line; however, my recommendation is 
to set these variables using the Control Panel's System applet or by 
right-clicking My Computer and selecting Properties, clicking the 
Advanced tab, and clicking Environment Variables. 

The first system variable you need to set is this one:

_NT_SYMBOL_PATH = srv*c:\symbols*http://msdl.microsoft.com/download/symbols*c:\APP1

If you're a developer, you may want to add paths to your own
application's symbols or to another vendor's symbols. Simply add an
additional asterisk (*) to separate each path.

The second system variable to set is this:

_NT_SYMCACHE_PATH = c:\symbols

Setting this variable tells Xperf to strip each symbol of the
unnecessary information (i.e., structure definitions) and create a
smaller-sized symbol file. The smaller file increases the speed of
symbol loading and improves the overall Xperf experience when you're
viewing stacks.

Specify the stackwalk flag. There are several ways you can use the
stackwalking flag in Xperf. Following is a typical command line that
turns on stackwalking for kernel events and can be used to help
diagnose high-CPU-usage issues:

xperf -on latency -stackwalk profile

Use this to find a more comprehensive list of stackwalking events:

xperf -help stackwalk

Turn on symbol loading. After the trace has been collected and 
you're viewing the trace file, you'll need to turn on symbol loading 
from within the Xperf viewer. 

Those are the three main action items required to use Xperf's 
stackwalking functionality, which leads us to a question: Is there any 
value in enabling the stackwalking feature if you don't have access to 
symbols? Answer: Yes, but it depends. Without symbols, you can see 
only the module within the process responsible for consuming the 
CPU. However, in some cases that could be enough information for 
you to make progress in resolving an issue, such as high CPU usage. 

Capturing and Interpreting a Trace 

Now let's walk through the steps you'll need to perform to first
capture a stackwalking trace, then view and interpret the trace data.

Step 1: Issue the Xperf command. Following is a typical command
line you can use to capture the information you'll need to
diagnose a high-CPU-usage issue using stackwalking. Once you've
set up symbols and installed Xperf, you don't have to reboot or restart
any other service. You're ready to run the following command:

xperf -on latency -stackwalk profile

This command says, "turn on tracing for the kernel events that the
latency group represents, and turn on the stackwalking profiler for
this session." You won't be able to view any stack traces without
issuing the -stackwalk profile flag.

Step 2: View and then stop the trace. The CPU spike needs to
occur sometime while tracing has been enabled. To view and stop
the trace, enter the following command:

xperf -d perf.etl

By default, Event Tracing for Windows places the information into
the kernel.etl, and by specifying -d, you're saying, "merge the
kernel.etl with the name of the .etl file you specified (e.g.,
perf.etl)."

Step 3: Open the perf.etl file. Open the perf.etl file inside the
Performance Analyzer Viewer (i.e., Xperf):

xperf perf.etl


Find Out More About Xperf

Get started using Xperf by reading "Examining Xperf," July 2009,
InstantDoc ID 102054. Download Xperf at tinyurl.com/myhfml.

The Xperf viewer (aka Windows Performance Analyzer) will display
a list of charts and graphs that you can view to start parsing
through the data. Once the viewer is opened, you can select the area
of concern. To help make the graph less cluttered, you can uncheck
all but the particular process you want to explore. In this case, the
process spiking the CPU is WMIPrvse.exe. Next, select the time of
concern, right-click on the selected area, and choose Summary Table.

Once the Summary Table is open, click the chevron fly-out arrow at
the far left. Make sure the Stack option is checked. This may take a
few seconds as the symbols and stack load. Uncheck the Module and
Function checkboxes to make the view appear as it does in Figure 1.

Notice the yellow line in Figure 1. Columns to the left of the
yellow line determine the sort order. So, because the Process column
is the furthest left, with the Stack column next, basically this
indicates that you want to sort CPU time by process, then by stack.
You could also sort by process, then by module if you didn't have
access to symbols and only wanted to see which module consumed the
most CPU time.

Here's the key to understanding this data. The time interval you
selected appears in the Summary Table's title bar. Thus, in Figure 1,
we can see that our selected area encompassed 2.5 seconds. The
highest-consuming process during this time period was WMIPrvse.exe,
which we know because it has the topmost position in the graph. The
numbers in the Weight column represent how many samples were
collected during the selected time window. So, for example, we
selected a time window of 2.5 seconds, and during that time we can
expect to have approximately 2,500 events firing to collect event
tracing information—the total of all the values in the Weight column.
In this example, then, the CPU was in the context of the WMIPrvse.exe
process 1,859.971 times, which represents a weight of 73.8 percent
relative to all processes during that time.

Figure 1: Summary table detail

Furthermore, by expanding the plus (+) signs, we can start to unroll
the stack and find out what functions consumed the most CPU time. You
can also interpret the numbers under the Weight column as 1ms per
event, so 1,859 translates to approximately 1.8 seconds. As you start
to unroll the stack, you're looking for big drop-offs in time as
areas to investigate. Figure 2 shows a drop-off from 1.14 seconds to
.57 seconds. If I were a developer, I'd start to investigate the
cimwin32.dll function calls into kernel32!FindFirstFileW. If I were
an administrator, I'd immediately do two things:

Figure 2: Finding the time drop-off in the summary table

1. Search the web for an update to cimwin32.dll.

2. Provide this information to the application's vendor; doing so
will significantly reduce the time required to resolve the issue if
an update isn't available.

The Anti-Debugger 

Sometimes debugging is the only way to find the root cause of a
system performance problem. However, by using Xperf, you can uncover
an application's behavior by scanning the names of the function calls
and also determine exactly where all the system time is being
spent—all without knowing a single debugging command, opening a dump
file, or being an expert in Windows architecture (although it
wouldn't hurt!). Next month, I'll expand further on Xperf by
exploring various ways you can use it to help diagnose some common
performance issues.

InstantDoc ID 102263 


MICHAEL MORALES (morales@microsoft.com)
is a senior escalation engineer for Microsoft's
Global Escalation Services team. He specializes in
advanced Windows debugging and performance-related
issues. For information about Windows
debugging, visit blogs.msdn.com/ntdebugging.

Special thanks to Tate Calhoun, a Microsoft 
senior escalation engineer, who contributed 
significantly to this article. 
TOOL TIME


Text Editing with PrimalPad 

If Notepad's anemic text-editing capabilities frustrate you, you
might want to try PrimalPad Community Edition, SAPIEN Technologies'
free portable text editor
(www.primaltools.com/downloads/communitytools). I've found it to be
an exceptional tool.

Syntax highlighting is important to me since it dramatically improves
the script editing process. PrimalPad's VBScript keyword highlighting
is superior to that in high-priced text editors. It has perfect
VBScript support—every single keyword and reserved word is
recognized. PrimalPad also includes highlighting for PowerShell and
JScript.

Even without syntax highlighting, PrimalPad is still a clear winner
over Notepad. PrimalPad numbers lines with a contrasting color to aid
navigation. You can also bookmark a specific line and cycle forward
or backward through current bookmarks. You don't need multiple
windows for multiple documents. If you drag one or more documents
onto the PrimalPad window, each will open in a new tab.

PrimalPad comes preconfigured and is completely portable. If you
don't want to leave any trace of PrimalPad on systems where you use
it, you can put the PrimalPad.ini file in the same folder as
PrimalPad. It will then store settings in the .ini file. If an .ini
file isn't present, PrimalPad stores settings in the registry.

PrimalPad is definitely worth getting—and not just if you need a
portable text editor. PrimalPad is a good starter text editor for
administrators who work with VBScript and PowerShell scripts. With
PrimalPad, there's no learning curve for the UI.

One final note: 32-bit and 64-bit versions of PrimalPad are
available. If you intend to use PrimalPad as a portable editor, get
the 32-bit version. If you intend to use PrimalPad as a basic script
editor on x64 Windows and portability isn't a concern, get the x64
version.

—Alex K. Angelopoulos, IT consultant 
InstantDoc ID 102261 


■ PrimalPad ■ Printer Maps 

■ SharePoint 


READER TO READER 


The Trick to Opening a Top Link Bar 
URL in a Separate Window 

In Windows SharePoint Services 3.0 (WSS 3.0) or Microsoft Office
SharePoint Server 2007 (MOSS 2007), administrators can easily create
a hyperlink in the top link bar by selecting Site Action, choosing
Site Settings, clicking Top link bar, and entering a hyperlink (e.g.,
http://www.officesharepointpro.com). One SharePoint question I'm
often asked is how to create a hyperlink that opens a separate
Microsoft Internet Explorer (IE) window.

There isn't an out-of-the-box solution for opening a link in another
IE window. If you search the Internet, you'll find some solutions
such as using Microsoft Office SharePoint Designer 2007 to modify the
hyperlink or creating a new custom site definition that provides an
"Open in New Window" option. These solutions might not be suitable
for administrators who don't have SharePoint Designer 2007 or an
in-depth understanding of SharePoint custom site definitions.

After some thought, I realized that you can use a relatively simple
browser technique to achieve the desired result. Generally, all
browsers let you use JavaScript in the address bar. Thus, you can
place the URL in a JavaScript command that opens the specified link
in a separate window.

For example, suppose you want to open the Office & SharePoint Pro
website in a new browser. You'd select Site Action, choose Site
Settings, and click Top link bar. Then you'd enter

javascript:window.open("http://
www.officesharepointpro.com");
void(0);

(Although this JavaScript command wraps here, you'd enter the entire
command on one line.) The Office & SharePoint Pro website will then
open in a separate window while the SharePoint site remains open in
the original window.

This technique works for both IE and Firefox. However, it might not
work in all situations. For example, it won't work for SharePoint
sites that have the MOSS publishing feature enabled because the top
link bar is replaced with a navigation bar. The navigation bar
doesn't let you enter JavaScript commands. With that said, the
navigation bar already has an option that lets you open a link in a
new window, so this workaround isn't needed in that situation anyway.

—Jian Bo, Microsoft Certified Trainer 
InstantDoc ID 102258 

Let Users Easily Find and Connect 
to Printers 

At my company, users often had a difficult time locating and
connecting to printers near their offices or near a meeting room.
To eliminate this problem, I set up Internet printing on our print
server and created a map that people can use to locate and connect
to printers.

Setting up Internet printing is straightforward. However, to use
Internet printing, your print server needs to be running IIS. Our
print server is running Windows Server 2003 and IIS 6.0. To enable
Internet printing in IIS 6.0, you just need to open IIS, choose Web
Service Extensions, select Internet Printing, and click Allow.

Once you've enabled Internet printing, you can get a nice overview
of all your printers in the print server's web page at
http://PrintServerName/printers, where PrintServerName is the name of
your print server. Each printer has a link. Clicking a printer link
brings up that printer's web page. As Figure 1 shows, you have
options to get detailed information about that printer and options to
monitor and manage it. If you click the Connect option, then click
Yes in the Add Web Printer Connection dialog box, the print server
installs the appropriate printer driver and adds the printer's icon
to the Printers folder on your computer. You can then use the printer
as if it were attached to your computer. Note that if the print
server's web page is in a Microsoft Internet Explorer (IE) zone whose
security settings are set to medium-low or lower, Windows creates a
remote procedure call (RPC) printer connection, which is preferred in
an intranet scenario. Otherwise, Windows creates an HTTP printer
connection.

Figure 1: Sample printer web page

On the map, which is posted on our intranet, the printer locations
are marked with hot spots, as Figure 2 shows. Hot spots are
hyperlinks on an image. They can be shapes (e.g., circles,
rectangles) or text. On our map, users can get a brief description of
the printer when they hover their mouse over a printer hot spot. When
users click a printer hot spot, they're asked whether they want to
add a printer connection to that printer. If they click Yes, the
print server installs the printer's driver and adds the printer's
icon to the Printers folder on their computer. They can then use the
printer as if it were attached to their computer.

Figure 2: Map showing the location of printers

To create a map, you first need to obtain some URLs from the printer
web pages. On each printer web page, right-click the Connect option,
and choose Copy Shortcut to get the URL. Paste the URLs in a text
file. Then, create an HTML page that maps the printers' locations.
With a floor plan in .bmp format, it's easy to create a printer map
HTML page using Microsoft FrontPage. Using the URLs you copied,
create hot spots for each printer location. If you want a hot spot to
display a brief printer description when a mouse hovers over it, be
sure to add that description to the hyperlink properties. Make sure
you have the appropriate security settings on the printer objects.

You can find more information about setting up and using Internet
printing in the Microsoft white paper "Printing Effectively with
Internet Printing Protocol (IPP) 1.0"
(www.microsoft.com/windowsserver2003/techinfo/overview/internetprint.mspx).
For more information about creating hot spots in FrontPage, see the
"About hot spots and image maps" web page
(office.microsoft.com/en-gb/frontpage/HP030829331033.aspx).

—Peder Pedersen, 
IT infrastructure manager, 
DEIF A/S 
InstantDoc ID 102265 
ASK THE EXPERTS


■ Routing and Remote Access ■ Outlook ■ Active Directory
■ Server Core ■ Domain Controllers


ANSWERS TO YOUR QUESTIONS 



Q: I've configured Routing and Remote Access to connect two
subnets, but clients can't communicate to servers via the router.
What's wrong?

A: First, make sure you have your Routing and Remote Access server
configured correctly. Remember:

• Make sure you've enabled the router function for LAN. Navigate to
Routing and Remote Access manager, then Server properties and make
sure Router is checked in the General tab.

• Double-check that you've enabled IP routing. Still in the Routing
and Remote Access manager, then Server properties, and in the IP tab
make sure Enable IP routing is checked.

• No NICs should have a default gateway defined. You should, however,
define a static route on the NIC that connects to another default
gateway if you have one on your network. The settings you want for
static routes are located in Routing and Remote Access manager under
Server, then IP Routing, then Static Routes, then 0.0.0.0
destination, 0.0.0.0 subnet. Enter the gateway address and select the
adapter.

You might be using Routing and Remote Access to connect two subnets
when it isn't the default gateway for clients on both sides of the
router, such as if you have a branch office that accesses the main
location via a Routing and Remote Access server. In this case,
Routing and Remote Access is the default gateway for the branch
computers, but the computers in the main location have a different
gateway to the Internet. The computers in the main location have no
way of knowing how to get traffic back to the branch. To resolve
this, you need to add a static route on the computers in the main
location so they know how to get to the branch subnet. For example,
use the command

C:\>route add 192.168.5.0 MASK 255.255.255.0 192.168.1.5 METRIC 1 IF 13

In this example, I'm telling the client that to get to the
192.168.5.0/24 network, it must send the traffic to address
192.168.1.5 on interface 13 (Interfaces are listed at the start of a
ROUTE PRINT execution).

Adding this route resolves many problems where you have this
combination of subnets being connected without common gateways that
are configured to share routing information. An alternative would be
to update the gateway of the clients to know how to route the traffic
to the remote subnet. Updating the gateway would be a better solution
for large numbers of clients.

—John Savill 

InstantDoc ID 102001 
John Savill | jsavill@windowsitpro.com
Jan De Clercq | jan.declercq@hp.com 


Q: What happens when Outlook 
POP3 mail is delivered to an 
Exchange Server mailbox with 
Outlook in Cached Mode? 

A: Within an Outlook profile, you can 
configure multiple email accounts. Up to 
and including Microsoft Office Outlook 
2007, only one of these accounts can 
use MAPI access to an Exchange Server. 
However, you can add other accounts 
using different Internet protocols, namely 
POP3, IMAP4, and HTTP. I don't know of a 
documented maximum number of email 



Q: How can I protect Active 
Directory (AD) objects such as 
organizational units (OUs) 
from accidental deletion by 
administrators? 

A: Accidental changes like deleting 
an OU that contains many objects are 
fairly hard to undo in AD. Ideally, delegated 
administrators shouldn't be 
granted the AD rights to delete OUs 
or other sensitive objects, but even 
domain administrators sometimes 
have fat fingers. 

In Windows Server 2008, Microsoft 
introduced a new option in the 
Active Directory Users and Computers 
(ADUC) Microsoft Management 
Console snap-in to prevent accidental 
object deletion. There's a new check 
box in the object properties on the 
object tab called Protect object from 
accidental deletion. Under the hood, 
this box sets two simple Deny access 
control entries on the object you 
want to protect: 

• Everyone - Delete 

• Everyone - Delete Subtree 

If you're familiar with the AD security 
model, you can apply the same permissions 
in an existing Windows 2000 
or Windows Server 2003 AD forest. 

—Jan De Clercq 

InstantDoc ID 102144 
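
One way to audit for and apply the two Deny entries described above, using PowerShell with the .NET directory classes. This is an added example, not code from the column; the function names are hypothetical and the distinguished name in the usage comments is a placeholder.

```powershell
# Added example (not from the column). Function names are hypothetical;
# the DN in the usage comments at the end is a placeholder.
$EveryoneSid = 'S-1-1-0'   # well-known SID for Everyone
$ProtectMask = [System.DirectoryServices.ActiveDirectoryRights]'Delete, DeleteTree'

function Get-DaclOnlyEntry {
    param([string]$AdsPath)
    $entry = New-Object System.DirectoryServices.DirectoryEntry($AdsPath)
    # Read and write only the DACL so owner, group and SACL stay untouched.
    $entry.psbase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Dacl
    return $entry
}

function Test-DeleteProtection {
    # True when explicit Deny ACEs for Everyone cover both Delete and Delete Subtree.
    param([string]$AdsPath)
    $entry   = Get-DaclOnlyEntry $AdsPath
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit ACEs only ($true, $false), with trustees returned as SIDs so the
    # check does not depend on the localized name of the Everyone group.
    $rules   = $entry.psbase.ObjectSecurity.GetAccessRules($true, $false, $sidType)
    $denied  = 0
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -eq 'Deny' -and
            $rule.IdentityReference.Value -eq $EveryoneSid) {
            $denied = $denied -bor [int]$rule.ActiveDirectoryRights
        }
    }
    return (($denied -band [int]$ProtectMask) -eq [int]$ProtectMask)
}

function Add-DeleteProtection {
    # Adds Deny Delete + Delete Subtree for Everyone on this object only.
    param([string]$AdsPath)
    if (Test-DeleteProtection $AdsPath) { return }   # already protected
    $entry    = Get-DaclOnlyEntry $AdsPath
    $everyone = New-Object System.Security.Principal.SecurityIdentifier($EveryoneSid)
    $deny     = [System.Security.AccessControl.AccessControlType]::Deny
    # The three-argument constructor creates a non-inherited ACE.
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($everyone, $ProtectMask, $deny)
    $entry.psbase.ObjectSecurity.AddAccessRule($rule)
    $entry.psbase.CommitChanges()
}

function Get-UnprotectedOU {
    # Searches the current domain and returns the ADsPath of every OU
    # that lacks the two Deny entries.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter   = '(objectCategory=organizationalUnit)'
    $searcher.PageSize = 500
    foreach ($result in $searcher.FindAll()) {
        if (-not (Test-DeleteProtection $result.Path)) { $result.Path }
    }
}

# Usage (run with rights to read and modify the OU's permissions):
#   Get-UnprotectedOU
#   Add-DeleteProtection 'LDAP://OU=Sales,DC=example,DC=com'
```

Run Get-UnprotectedOU first and review the list before changing any ACLs; removing the protection later means deleting the same explicit Deny entries.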
■ ASK THE EXPERTS 


accounts allowed in a single Outlook 
profile, but performance can degrade with 
multiple active accounts through memory 
demands, bandwidth requirements, and 
disk I/O contention. I have four accounts 
in my main profile—two POP3 accounts, 
an IMAP account, and an Exchange 
account—and the negative performance 
impact within Outlook and with other 
programs in use concurrent to Outlook, especially 
those accessing remote resources 
over my wireless connection, is sometimes 
quite tangible. 

Post Office Protocol, best known as 
POP3, is a client access protocol defined 
in RFC 1939. An email client, like Outlook, 
polls a POP3 server with valid credentials 
to identify and download new messages 
from a mailbox. Exchange is able to function 
as a POP3 server, but not as a POP3 
client (though many third-party software 
products try to make it function as such). 
When Outlook is configured with one 
or more POP3 accounts with delivery to 
an Exchange mailbox, it's Outlook that 
retrieves the mail. As new content is pulled 
from the POP3 server, Outlook then directs 
it to the Exchange Server mailbox. If Outlook 
is using Exchange Cached Mode, then 
Outlook first saves incoming POP3 mail to 
the local OST file, and then synchronizes 
the OST file to the Exchange Server mailbox. 

I confirmed this behavior for Microsoft 
Exchange Server 2007 and Outlook 
2007 configured with a Cached Mode 
Exchange account and a POP3 account, 
with the Exchange mailbox as the delivery 
location. By watching the OST file size and 
Exchange mailbox size in real time, as well 
as doing packet captures during a POP3 
session between Outlook and my ISP's 
POP3 server, I verified that Outlook saves 
the POP3 messages locally first. If Outlook 
redirected incoming POP3 content to the 
mailbox on the Exchange server first, the 
content would make an unnecessary trip 
from Outlook to the Exchange mailbox 
and back again to Outlook's OST file. 

I've seen this multiple account configuration 
in the case of an Exchange customer 
who had acquired a small company that 
used Outlook with POP3 from a Windows-based 
email server. The employees 
from the acquired company were given 
Exchange mailboxes with POP3 access to 
their old server, which still received new 
email during a transition period. It works 
well, even with Cached Mode. 

Sometimes you might want to control 
whether POP3 accounts should be added 
to users' profiles, or you might just want 
to control when POP3 servers are polled 
for new mail. For more on those options 
see my tips "Using Send/Receive Groups in 
Outlook," InstantDoc ID 101936, and "No 
Retroactive Prevention of New Account 
Creation," InstantDoc ID 101934. 

—William Lefkovics 

InstantDoc ID 101935 

Q. I closed my command prompt 
window in Server Core. Now I have 
no interface. What do I do? 

A: It's easy to type exit in your command 
prompt window in a Server Core session, 
and if you do that then you have no interface. 
To get it back, press Ctrl+Alt+Del, 
select Task Manager, go to the Tasks tab, 
click the New Task... button, and enter the 
task cmd.exe. 

—John Savill 

InstantDoc ID 102199 

Q: How can I delete a Personal 
Storage (PST) file that was recently 
opened in Outlook? 

A: If you use Outlook to open a PST file, 
the file can't be edited, moved, or deleted. 
It's locked by Outlook for the duration. 

But that lock remains for 30 minutes by 
default, even after the PST file is closed in 
Outlook. The good news is that this value 
can be changed through a registry edit. 

Sometimes you might have to work 
with archived PST files, mailbox export 
PST files, or even PST files as personal 
backups separate from your primary email 
storage. You can select File, Open, Outlook 
Data File to mount an existing PST file for 
viewing. When you're finished, you can 
right-click the top of the PST file hierarchy 
in the Folder View and select Close <PST_File_Label>. 
At this point, you might want 
to move or delete the PST file. Attempting 
to do so will return an error, such as "The 
action cannot be completed because the 
file is open in another program," the error 
from Outlook 2007 on Windows Vista. 

Outlook maintains a lock on the PST 
file for 30 minutes. Typically, you would 
close Outlook to gain immediate access 
to that PST file, but there's a registry edit 
that can reduce the time Outlook keeps 
its grip on a PST file after closing it. In 
HKEY_CURRENT_USER\Software\Microsoft\Office\<Version>\Outlook\PST\, add a 
DWORD entry called PSTDisconnectDelay. 

The value for PSTDisconnectDelay 
is time in seconds. A value of 30 (using 
decimal base) would keep a PST file locked 
by Outlook for half a minute after closing 
the PST file instead of the default 1800 
seconds (30 minutes). Outlook needs to be 
restarted for the change to take effect, as 
it reads the registry at startup. 

—William Lefkovics 

InstantDoc ID 101937 

Q. Do I need to prepare the domain 
and forest for a Windows Server 
2008 R2 domain controller (DC)? 

A: Server 2008 R2 introduces some new 
Active Directory (AD) functionality, and 
you must prepare both the domain and 
forest before you introduce a Server 
2008 R2 DC. If you already have Server 
2008 DCs, you just need to run these 
commands: 

adprep /domainprep 
adprep /forestprep 

If you're running Windows 2003 DCs, you 
also need to run command 

adprep /domainprep /gpprep 

If you want to introduce RODCs (Server 
2008 or 2008 R2), you also need to run 

adprep /rodcprep 

You can find adprep in the support\adprep 
folder of the 2008 R2 media. 

Copy this folder to the local computer 
and execute adprep from the local folder. 
Remember that you must be a schema 
admin to run the forestprep update and 
you should run it on the schema master 
DC. You must be a domain admin to run 
domainprep, which should be run on the 
infrastructure master of the domain. 

—John Savill 

InstantDoc ID 102208 


22 AUGUST 2009 Windows IT Pro 


We're in IT with You 


www.windowsitpro.com 





COVER S 


More CONTROL Through 

Group Policy 
Preferences 

Expand on your Group Policy investment while leaving 
some choices in the hands of users by Jeremy Moskowitz 


Every new version of Windows comes with more to love, especially 
in the area of Group Policy: more control, more power, and more 
features that keep you from having to run around from machine to 
machine to get your job done. Usually, this power arrives built-in to 
the OS. For instance, when Windows Vista shipped, it brought with 
it Wired Ethernet policy, Enterprise QoS policy, a new capability for 
managing printers, and more. 

In 2007, Microsoft released Group Policy Preferences, a set of additional 
Group Policy features. These features augment the existing set of Group Policy 
functions—adding more functions to what you can already do. Some of the 
Group Policy Preferences have similar names and potentially overlapping features 
with the original Group Policy functions, but in this article I'll show you 
where you can use the new functionality to get more out of your Group Policy 
investment. 


Getting Group Policy Preferences 

Group Policy Preferences, in total, encompass 21 features. You would think 
this many new features would ship as a lot of software. In fact, Group Policy 
Preferences ship as a single set of client-side extensions (CSEs). When the target 
computer processes a Group Policy Object (GPO) containing a Group Policy 
Preferences function, it simply calls the correct extension to do the work. 

Windows Server 2008 ships—and Windows 7 will ship—with the Group 
Policy Preferences CSE; you don't need to do anything for these OSs to process 
Group Policy Preferences directives. However, you need to update Vista, Windows 
Server 2003, and Windows XP computers to take advantage of the new 
technology. Windows 2000 computers aren't able to leverage Group Policy 
Preferences. For brevity and space constraints, I'll point you to the GPanswers.com 
Newsletter, issue 27 (www.GPanswers.com/newsletter), for detailed installation 
instructions that cover a wide variety of circumstances. 

Note that your management console machine must have the updated Group Policy Management Console 
(GPMC) with its updated Group Policy Editor (GPE). The updated GPMC ships with Server 2008 and is available 
for Windows Vista SP1 and later if you install Remote Server Administration Toolkit (RSAT), which can be found in 
the Microsoft Download Center. The updated GPMC isn't available for XP systems. 

Group Policy Preferences help you do more than you originally could with Group Policy. With that in mind, let's 
examine some areas where Group Policy Preferences can help you expand on your Group Policy investment. 



Figure 1: Creating a Group Policy Preferences item to control Internet Explorer 


Deploying Printers 

Deploying printers via Group Policy used 
to be a dream many administrators shared. 
This feature finally debuted with Windows 
Server 2003 R2, although administrators 
widely criticized it at first. For starters, the 
feature requires a schema update. It also 
requires that administrators place an add-on 
within their startup and logon scripts. And, 
worst of all, it didn't work consistently. 

Deployed Printers policy settings are 
found in GPE at \Computer Configuration\ 
Policies\Windows Settings\Deployed 
Printers and \User Configuration\Windows 
Settings\Deployed Printers. Note that you 
won't see the Deployed Printers node on 
a Server 2008 or Vista management station 
until you load the Print Management components, 
which you can install by using the 
RSAT tools; they're under the Feature section 
within \Remote Server Administration 
Tools\Role Administration Tools\Print 
Services Tools. 

Compared to Deployed Printers, the 
Group Policy Preferences Printers feature 
tends to get most of the limelight. It 
requires no schema extensions and no 
startup or logon script updates—it just 
works. The Group Policy Preferences Printers 
node is found in two places: \Computer 
Configuration\Preferences\Control Panel 
Settings\Printers and \User Configuration\ 
Preferences\Control Panel Settings\Printers. 
This feature lets you deploy TCP/IP and 
local printers (user- or computer-side) or 
shared printers (user-side only). 

As long as the Group Policy Preferences 
client is installed on the target machine, 
printer deployment is a dream. 

Group Policy Preferences aren't available 
for Windows 2000, so if you need to deploy 
printers on those systems, you should continue 
using the older Group Policy Deployed 
Printers method. 

Controlling IE 

Group Policy has several ways to manage 
one of Windows' most popular applications, 
Microsoft Internet Explorer (IE). The original 
policy settings can be found under either 
User Configuration or Computer Configuration 
at \Policies\Administrative Templates\ 
Windows Components\Internet Explorer. 
These settings can help you lock down what 
users can and can't do with IE. 

Additional IE settings called IE Maintenance 
are found at \User Configuration\ 
Policies\Windows Settings\Internet Explorer 
Maintenance. Some of these settings perform 
policy-style lockout; others let users 
work around predefined settings. 

Group Policy Preferences Internet Settings 
adds some new tricks. As Figure 1 
shows, the IE settings are found at \User 
Configuration\Preferences\Control Panel 
Settings\Internet Settings. Setting preferences 
for items means that you establish 
initial settings, but users are able to change 
them. For instance, you might 
set your company's web page 
as the home page for all users, 
but allow them to change it later 
if they choose. Preferences are 
similar to IE Maintenance settings 
in this way; yet the administrative 
interface for Group 
Policy Preferences Internet Settings 
is exceptionally refreshing: 
It actually looks like Internet 
Explorer, which delights most 
administrators. 

Power Management 

Vista shipped with some very 
good power management functions. 
They're found under 
\Computer Configuration\ 
Policies\System\Power 
Management. These settings 
control sleep settings, what happens 
when you push various power buttons, 
when the hard drive should spin down, and 
more, but they're usable only for Vista. 

As Figure 2, page 28, shows, the Group 
Policy Preferences Power Options settings 
are found under Computer Configuration 
and User Configuration within \Preferences\ 
Control Panel Settings\Power Options. These 
settings bring new Group Policy-based power 
management features to XP. This addition 
to the power management family brings a 
hugely desired feature to a large install base. 
What's more, the UI for configuring Power 
Options and Power Schemes looks strikingly 
similar to the XP interface, shortening the 
learning curve so that administrators can be 
quickly proficient with this new functionality. 

Manipulating Files 

Administrators sometimes want to set file 
security on specific files on desktops and 
servers. Instead of running out to each 
machine, they can use Group Policy to do it. 
Actually getting those files to desktops and 
servers has been another story altogether. 
You either need to copy files manually or use 
a logon script or something similar to do it. 

However, with Group Policy Preferences 
Files, found at \Computer Configuration\ 
Preferences\Windows Settings\Files, you 
can deliver a file—or multiple files—to a 
client. And with Group Policy File Security 
policy settings, located within \Computer 
Configuration\Policies\Windows Settings\ 
Security Settings\File System, you can set 
the ACLs on those files. What a magic 
combination! 

Figure 2: Accessing Group Policy Preferences Power Options for XP 

Setting Up Services 

It's never fun to run around to 100 servers 
to change the values of a service. That's why 
Group Policy has a method to control services, 
located in \Computer Configuration\ 
Policies\Security Settings\System Services. 
These settings let you set security on the 
account, such as who can start, stop, and 
pause the service. 

However, with Group Policy Preferences 
Services (\Computer Configuration\ 
Preferences\Control Panel Settings\ 
Services), you can also change the local system 
account password, change the recovery 
options for when a service fails, and change 
the program that runs if a service fails, or 
choose to restart the computer if the service 
fails. 

Wrangling the Registry 

Setting a single registry value on all your 
target machines can be a real hassle. Many 
administrators use logon scripts and other 
quasi-automatic methods to accomplish 
this often-desired goal. 

Group Policy has always been able to 
deliver specific registry values to clients using 
its built-in ADM and ADMX frameworks. You 
see the results of ADM and ADMX frameworks 
every time you explore \Computer 
Configuration\Policies\Administrative 
Templates or \User Configuration\Policies\ 
Administrative Templates. These Group 
Policy settings simply set desired registry 
values on target machines. 

ADM and ADMX files can be developed 
to deliver registry settings for your applications. 
However, those values can only 
be delivered to HKEY_LOCAL_MACHINE 
and HKEY_CURRENT_USER; you can't 
use them for any other locations. Additionally, 
ADM and ADMX files can't deliver 
REG_BINARY values, a popular data type. 
ADM and ADMX files are also well known 
to leave behind, or tattoo, settings if the 
application doesn't use Microsoft's strict 
logo requirements. So, even if the user falls 
out of the scope of management or the GPO 
is deleted or unlinked, the value persists. 

The Group Policy Preferences Registry 
item brings more to the table. These settings 
are located within \User Configuration\ 
Preferences\Windows Settings\Registry 
and \Computer Configuration\Preferences\ 
Windows Settings\Registry. This configuration 
item lets you plunk registry values into 
just about any area of the registry. 

You might want to continue using ADM 
or ADMX files if you like the idea of administrators 
being able to select from a range 
of values. For instance, if you had a custom 
application that used custom values, you 
could create an ADM or ADMX file so that 
administrators could choose a background 
color of green, red, or peach. These colors 
might correspond to values 1, 2, and 4.57. A 
simple drop-down menu could let administrators 
select the color instead of having to 
remember the values. 

Group Policy Preferences Registry settings 
don't let you use a range of values. 
Group Policy Preferences Registry settings 
simply set the particular registry value; 
there's no framework to describe a UI for the 
target application as you can do with ADM 
and ADMX files. 

Restricting Devices 

Every administrator needs to control which 
devices can and can't be brought into the 
network. Items such as USB keys or external 
disk drives are often excellent candidates to 
restrict so they can't be used to transport 
data in and out of a company. Vista shipped 
with a new range of Group Policy device 
restrictions, which are found at \Computer 
Configuration\Policies\System\Device 
Installation\Device Installation Restrictions. 
These settings let you prevent specific device 
IDs on your target Vista machines. 

The existing XP population had no 
way to perform anything similar, but the 
Group Policy Preferences Devices node 
now provides some of that device control 
on XP systems. The Devices node is available 
for both Computer Configuration and 
User Configuration at \Preferences\Control 
Panel Settings\Devices. Although the Group 
Policy Device Installation Restrictions settings 
work only for Vista, the Group Policy 
Preferences method works for all its supported 
OSs (XP SP2 and later). 

Figure 3: Re-enabling a device restricted by Group Policy Preferences Devices 


It should be noted, however, that the 
two technologies work fundamentally differently. 
Group Policy Device Installation 
Restrictions prevent users from installing 
drivers for new hardware, so when you 
restrict a specific device from your Vista 
machines, the driver is actually blocked 
from being utilized. This strategy works 
great for USB memory sticks and other 
things that are typically unplugged and 
plugged back in a lot because during 
the next check, the restriction blocks the 
device. 

But Group Policy Device Installation 
Restrictions don't always work as expected 
with devices that are already installed and 
in use on the machine, such as hard disk 
drives, SCSI cards, and scanners. Those 
device drivers are already installed, and 
you don't usually unplug those items and 
put them back in. Therefore, the driver 
isn't ever rechecked and the device isn't 
restricted—even if the policy setting is 
applied. 

The Group Policy Preferences Devices 
extension works differently. It disables the 
actual device or port instead of preventing 
the driver from loading. Therefore, if a device 
is already installed, it can simply be disabled 
to prevent its use. It should be noted, 
however, that because it only disables the 
device, it doesn't prevent the device driver 
from installing. As Figure 3 shows, any 
user with appropriate rights—usually 
local administrators—can simply re-enable 
the device. But, because regular users 
don't have access to this ability, this preference 
setting can help get you on the road to 
restricting devices right away: As soon 
as the GPO with the Group Policy Preferences 
Devices item is received, the 
device is immediately restricted. 

Handling Users 
and Groups 

Administrators often want to dictate which 
users and groups are permissible on target 
computers. Additionally, some administrators 
want to ensure that some group 
memberships within Active Directory (AD) 
are strictly enforced. The Group Policy settings 
to achieve such control are located 
within \Computer Configuration\Policies\ 
Security Settings\Restricted Groups. These 
settings strictly control group membership 
of either local groups or AD-based groups. 

However, many admins need to con¬ 
trol which users can be part of specific 
local groups. The Group Policy Preferences 
Local Users and Groups option is under 
both the User and Computer nodes under 
\Preferences\Control Panel Settings\Local 
Users and Groups, which means it's very 
flexible. You can also use it to add a new 
user account—complete with all account 
settings—to the computers of your choice. 
The Local Users and Groups extension can 
also delete local groups and cherry-pick 
specific users to delete from groups, which 
is useful, say, if you want to pluck just 
one user out of the local Administrators 
group. 

Note, however, that the Local Users 
and Groups extension works only for 
local users and groups, not AD-based 
groups as the Group Policy Restricted 
Groups function does. 


Customizing the Start Menu 

Managing the user experience is one of the 
strengths of Group Policy, and customizing 
the Start menu has traditionally been an area 
that administrators have taken advantage of. 
You'll find Group Policy Start menu policy settings 
at \User Configuration\Administrative 
Templates\Start Menu and Taskbar. 

Administrators enjoy the functionality of 
the Group Policy Start menu policy settings, 
but this method isn't perfect. The ability to 
set a baseline preference configuration of 
items is missing. Also, because using Group 
Policy Start Menu and Taskbar settings 
actually restricts the OS—and forces users 
to accept the change—these policy settings 
can be seen as heavy-handed. 

On the other hand, the Group Policy 
Preferences Start Menu settings, found at 
\User Configuration\Preferences\Control 
Panel Settings\Start Menu, are preferences, 
which means they can act more like suggestions 
for the user. If users don't like your 
Start menu settings, you can give them the 
option to change them if they so choose. You 
can change this behavior later by using the 
Apply once and do not reapply option for the 
Group Policy Preferences item. 

Many Options for Control 

The original set of Group Policy settings 
takes us quite far, but as the demands of 
administrators grow, so does the demand 
for new functionality. Group Policy Preferences 
add more functionality that administrators 
want while preserving the value of 
their original Group Policy investment. 

The original Group Policy settings and 
Group Policy Preferences are meant to be 
used together—not one against the other. If 
you have your own "better together" story 
with Group Policy and Group Policy Preferences 
and want to share, I look forward to 
hearing from you at www.GPanswers.com. 










SOLUTIONS PLUS 




Use Remote Desktop Connection 6.1 client and 
Group Policy in Vista SP1 and XP SP3 

by Russell Smith 


With application virtualization 
and Software as a Service (SaaS) 
solutions increasing in popularity, the line 
between remote, local, 
and virtualized applications is becoming 
more blurred. Among the many improvements 
to Terminal Services in Windows 
Server 2008 is the ability to display remote 
applications as if they are running locally on 
users' desktops, as opposed to in a remote 
desktop window as in previous versions of 
Windows Server. The appearance of running 
locally offers several advantages, such 
as providing a seamless experience, better 
integration with users' desktops, and being 
able to open programs on different Terminal 
Servers simultaneously without having to 
manage a remote desktop window for each 
server. 

However, the improved visual experience 
might make it harder for users to 
differentiate between local and remote 

PROBLEM: 

Being able to map local 
resources to the Terminal 
Server creates the risk that 
users could give away sensitive 
data should they connect to a 
rogue machine. 

SOLUTION: 

Use the Remote Desktop 
Connection 6.1 client 
to digitally sign Remote 
Desktop Protocol (RDP) files, 
then define a list of trusted 
publishers in Group Policy. 

WHAT YOU NEED: 

A Windows Server 2008 Active 
Directory (AD) domain, a 
Server 2008 member server 
with Terminal Services and AD 
Certificate Services installed, 
and a Windows Vista SP1 or 
Windows XP SP3 workstation 
joined to the domain. 

SOLUTION STEPS: 

1. Add code signing to the 
list of certificate templates on 
the CA. 

2. Log on to Terminal Server 
and request a certificate. 

3. Create signed RemotedApp 
RDP files. 

4. Configure trusted 
publishers in Group Policy. 


DIFFICULTY:

Figure 1: Personal Certificate Store (Certificates snap-in, Current User\Personal\Certificates, listing the Administrator certificate with the intended purpose Code Signing)

applications. Worse, the ability to map local 
resources to the Terminal Server creates 
the risk that users could give away sensitive 
data should they inadvertently connect to 
a rogue machine. We can't rely on users to 
police this technology. 

To address this problem, Microsoft has 
added the ability to digitally sign Remote 
Desktop Protocol (RDP) files and define a 
list of trusted publishers in Group Policy. 
This enables administrators to restrict RDP 
files to those that are signed with certificates 
defined as trusted, reducing the chances 
that users could mistakenly connect and 
transfer data to a terminal server outside of 
the organization. 

I'll show you how to request a certificate
from an Active Directory (AD)-integrated 
Server 2008 Certification Authority (CA), 
sign RemoteApp RDP files, and configure 
Group Policy to allow only RDP files signed 
with a specified certificate. You'll need a 
Server 2008 AD domain, a Server 2008 
member server with Terminal Services and 
AD Certificate Services installed, and a 
Windows Vista SP1 or Windows XP SP3 
workstation joined to the domain. 

Request and Install a Certificate on 
Terminal Server 

RDP files should be signed with SSL or code-signing certificates. If you happen to be running Terminal Services Gateway, you can use your existing SSL certificate to sign RDP files. In this scenario, however, we're using a standard TS server and will need to obtain a code-signing certificate from our internal CA. This means that the certificate will be trusted only by intranet clients, unless it's been co-signed by a public CA.

Figure 2: SHA1 thumbprint (certificate Details tab, Thumbprint field)

The code-signing certificate template isn't enabled by default, so first we need to add code signing to the list of certificate templates on our CA. Log on to your CA as a domain administrator, then do the following:

1. Go to Start, Administrative Tools, Certification Authority to open the Certification Authority Microsoft Management Console (MMC).

2. Expand your CA under Certification Authority (Local) and click Certificate Templates to display the currently enabled templates.

3. Right-click Certificate Templates and select New, Certificate Template to Issue from the menu.

4. In the Enable Certificate Templates dialog box, select Code Signing from the list and click OK.

5. Back in the Certification Authority MMC, Code Signing should now be shown in the list of certificate templates. Close the Certification Authority MMC.

Figure 3: Certificate details in RemoteApp Deployment Settings

Now that we've added code-signing to the list of templates, we need to log on as a domain administrator to Terminal Server and request a code-signing certificate:

1. Type MMC in the Search box on the Start menu and press Enter.

2. In the MMC window, select Add/Remove Snap-In from the File menu.

3. In the Add or Remove Snap-ins dialog box, select Certificates under Available snap-ins and click Add in the center of the window. Select My user account in the Certificates snap-in dialog box and click Finish.

4. Click OK.

5. In MMC, expand Certificates - Current User, then Personal.

6. Right-click the Certificates folder under Personal and select All Tasks, Request New Certificate.

7. Click Next on the Before You Begin screen in the Certificate Enrollment dialog box. Select Code Signing under Request Certificates and click Enroll.

8. The status should display Succeeded under Certificate Installation Results. Click Finish. The new code-signing certificate should now appear in your personal certificate store. (See Figure 1 on page 33.)

9. Double-click the code-signing certificate in the central pane and select the Details tab.

10. Make sure that Show is set to All and scroll to the bottom field, which is the SHA1 thumbprint shown in Figure 2 on page 33. Make a note of the number or copy it to Notepad, as you'll need it later.

11. Click OK on the Certificates dialog box, then close the Certificates MMC.

Sign RDP Files 

Our code-signing certificate is now in place 
on the terminal server. Next, we can create 
signed RDP files for previously existing or 
new RemoteApps. 


1. On the terminal server, open Terminal Services RemoteApp Manager by going to Start, Administrative Tools, Terminal Services.

2. On the right of Digital Signature Settings click Change in the Overview section of the TS RemoteApp Manager window.

3. In the RemoteApp Deployment Settings dialog box, make sure that the Digital Signature tab is selected and select the check box Sign with a digital certificate.

4. Under Digital certificate details click Change. In the Select Certificate dialog box, select your code-signing certificate from the list and click OK.

5. The details of the certificate should appear in the RemoteApp Deployment Settings dialog box, which Figure 3 shows. Click OK.

Any RemoteApps you add to this server 
will now be published with a digitally signed 
RDP file. Let's add WordPad as a RemoteApp 
and create an RDP file: 

1. In TS RemoteApp Manager, click Add 
RemoteApp Programs in the Actions pane 
on the right. Click Next in the RemoteApp 
Wizard. 

2. Select WordPad in the RemoteApp 
Programs list and click Next. 

3. Click Finish on the Review Settings 
screen. 

4. WordPad should now appear at the 
bottom of the TS RemoteApp Manager 
window under RemoteApp Programs, 
which Figure 4 shows. Select WordPad 
under RemoteApp Programs and click 
Create .rdp File beneath WordPad on the 
Actions pane. 

5. Click Next in the RemoteApp Wizard, 
leaving everything as default on the Specify 
Package Settings screen. Note that the file 
will be signed with your certificate. Click 
Next, then Finish on the Review Settings 
screen. 

The default location for RDP files created by TS RemoteApp Manager (C:\Program Files\Packaged Programs) should now open, showing you the new file, wordpad.rdp.

Configure Trusted Publishers in 
Group Policy 

The default configuration for Remote Desktop Connection in Group Policy is to allow all files to be run: unsigned, trusted, or otherwise. Let's configure Group Policy so that only RDP files signed using our certificate can be run on our workstation:

1. Open Group Policy Management Console (GPMC) and expand your forest, domain, and the Group Policy Objects folder.

2. Right-click the Group Policy Objects folder, and select New from the menu. Call the new GPO RemoteApp Trusted Publishers, and click OK.

3. Right-click the new GPO under Group Policy Objects, and select Edit from the menu.

4. In the Group Policy Editor window under Computer Configuration, expand Policies, Administrative Templates, Windows Components, Terminal Services, and click Remote Desktop Connection Client.

5. In the right pane, disable the first two settings, Allow .rdp files from valid publishers and user's default .rdp settings and Allow .rdp files from unknown publishers.

6. Change to the GPMC window and link the new GPO to your domain. Right-click the domain, in this case ad.contoso.com, in the left pane of GPMC and select Link an Existing GPO from the menu.

7. In the Select GPO dialog box, select the RemoteApp Trusted Publishers GPO from the list and click OK.

At this point, log on to your workstation as a domain administrator, and force a Group Policy update by running

gpupdate /force

from the command line. After Group Policy has refreshed, run wordpad.rdp from the Packaged Programs folder on the terminal server. You should find that the file is blocked.

Back in Group Policy Management Editor, let's continue to configure our GPO. Now we add our code-signing certificate to the list of trusted publishers:

1. Double-click Specify SHA1 thumbprints of certificates representing trusted .rdp publishers in the right pane of the editor window.

2. Select Enabled in the policy setting dialog box and enter the SHA1 thumbprint for the code-signing certificate that you saved earlier. The thumbprint should be entered without spaces.

3. Back on the workstation, force a Group Policy refresh as you did before.

This time you should find that wordpad.rdp will run without any warnings.

Restricting Access at a 
Granular Level 

Microsoft also provides a command-line tool for signing RDP files, rdpsign.exe. Additionally, you can add Terminal Services Web Access to the setup I described. Your certificates and Group Policy configuration will apply to RemoteApps launched from the TS Web Access site.
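The command-line route, as an added example that is not from the article: a PowerShell script, run on the terminal server, that strips the thumbprint copied from the certificate's Details tab down to the form the Group Policy setting expects, checks that a matching code-signing certificate is in the current user's Personal store, and signs an RDP file with rdpsign.exe. The script, parameter and function names are illustrative, and it assumes the Windows Server 2008 rdpsign.exe syntax, `rdpsign /sha1 <thumbprint> <file>`.

```powershell
# Added example, not the article's code. Run on the terminal server while logged
# on as the account whose Personal store holds the code-signing certificate.
# Usage (script name is illustrative):
#   .\Sign-RdpFile.ps1 -PastedThumbprint '<thumbprint from the Details tab>' `
#       -RdpFile 'C:\Program Files\Packaged Programs\wordpad.rdp'
param(
    # Thumbprint as copied from the certificate's Details tab (spaces are fine).
    [Parameter(Mandatory = $true)][string]$PastedThumbprint,
    # RDP file to sign, for example the wordpad.rdp created in the article.
    [Parameter(Mandatory = $true)][string]$RdpFile
)

function ConvertTo-PolicyThumbprint {
    param([string]$Text)
    # Keep hex digits only. This drops the spaces shown in the dialog and any
    # non-printing characters that get copied along with the value.
    $hex = ($Text -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($hex.Length -ne 40) {
        throw "A SHA1 thumbprint has 40 hex digits; got $($hex.Length)."
    }
    return $hex
}

$thumb = ConvertTo-PolicyThumbprint $PastedThumbprint

if (-not (Test-Path $RdpFile)) {
    throw "RDP file not found: $RdpFile"
}

# The certificate must be in Cert:\CurrentUser\My, be usable for code signing,
# have its private key available, and be inside its validity period.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) {
    throw "No code-signing certificate $thumb in Cert:\CurrentUser\My."
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumb has no private key in this store."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $thumb is outside its validity period."
}

# Sign the file. rdpsign.exe replaces the input file with the signed version.
& rdpsign.exe /sha1 $thumb $RdpFile
if ($LASTEXITCODE -ne 0) {
    throw "rdpsign.exe exited with code $LASTEXITCODE."
}

# A signed RDP file carries a signature setting; confirm it is present.
$signed = @(Get-Content $RdpFile) -match '^signature:s:'
if (-not $signed) {
    throw "No signature setting found in $RdpFile after signing."
}

Write-Output "Signed: $RdpFile"
Write-Output "Value for the trusted .rdp publishers policy: $thumb"
```

The last line of output is the 40-character value to paste into the trusted publishers policy setting, so the thumbprint used for signing and the one trusted by clients cannot drift apart through a copy error.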

The capability to restrict powerful features such as the Remote Desktop Connection client at a granular level is important. Similar to software restriction policy, restricting individual RDP files based on digital certificates reduces the likelihood that users will connect to terminal servers other than those permitted by systems administrators.

InstantDoc ID 102277 


Russell Smith (rms45@rsitc.com) is an independent IT consultant. He has been working in IT since 2000, specializing in systems management and security.




Figure 4: Adding WordPad as a RemoteApp

Before Microsoft Exchange Server became so closely connected to Active Directory (AD), administrators had to use static distribution lists to manually handle list memberships. Starting with Exchange Server 2000, AD was directly integrated into Exchange. Exchange Server 2003 saw the creation of distribution groups (and query-based distribution groups), which are populated by static memberships. Exchange Server 2007 introduced dynamic distribution groups, which are defined by filters and conditions each time a message is sent to the group. In this article I explain how to create traditional static distribution groups and Exchange 2007 dynamic distribution groups.

Types of Distribution Groups

Whether you create your own distribution groups, or they are pulled from a previous version of Exchange during a migration, four distinct types of distribution groups exist (beyond what you might think of as simply static versus dynamic groups). Exchange Management Console (EMC) displays these four types of distribution groups and represents each with a separate icon.

• Mail-enabled universal distribution groups—AD distribution group objects that are mail-enabled; their sole purpose is to distribute messages to a group of recipients.

• Mail-enabled universal security groups—AD security group objects that are mail-enabled; they can be used to grant access permissions to resources in AD, as well as to distribute messages.

• Mail-enabled non-universal groups—carryovers from migrated mail-enabled groups from previous versions of Exchange. (In Exchange 2007, you can create or mail-enable only universal groups.) Although EMC shows mail-enabled non-universal groups, the actual administration you can perform on them is limited. Because maintaining non-universal groups can create problems with membership expansion, you should switch to universal groups if possible.

• Dynamic distribution groups—offshoots of Exchange 2003's query-based distribution groups. In Exchange 2003's query-based groups, you provide an LDAP query to dynamically build membership. In Exchange 2007, membership is based on specific recipient filters rather than a defined set of recipients.

Creating a Traditional Distribution Group

To create a new distribution group, perform the following steps:

1. Open EMC.

2. From the navigation tree in the left-hand pane, select the Recipient Configuration container and click Distribution Group.

3. In the Actions pane you'll see two options for creating distribution groups: New Distribution Group and New Dynamic Distribution Group. Select New Distribution Group.

4. The wizard's Introduction dialog box gives you the option of creating a distribution group for a new or existing group. If you have an existing universal security group that isn't mail-enabled, you can browse to the group and configure it as a Mail-Enabled Universal Security Group. You can also create a new distribution or security group. If you don't have the administrative permissions to directly create a security group or handle its membership, you can work with your AD administrators to ensure that the group exists on the AD side, then use EMC to mail-enable the group on the Exchange side. In this case, select New Group.

5. In the Group Information dialog box, which Figure 1 shows, enter the following information:

a. Group type: Select Distribution.

b. Organizational unit: Browse to select a location.

c. Name: Enter the group name, which can't exceed 64 characters.

d. Name (pre-Windows 2000): Because of legacy naming, this name is automatically populated by the Name field and should be correct.

e. Alias: By default, the alias is the same as the distribution group's name. You can change the alias, which you might do if you want to give the group an alternative name (e.g., if you want the alias to be unique compared with the AD-oriented security group). Like the name itself, the alias can't exceed 64 characters. In addition, the alias must be unique within the forest.

f. Click Next when you finish entering information in the Group Information dialog box.

6. In the New Distribution Group dialog box that opens, review the configuration summary to confirm the information, then click New.

7. Once the group is created, you'll see a Completion screen with a green check mark that says Completed. Click Finish.

After you create a new distribution group, it will appear under your Recipient Configuration, Distribution Group node, as well as in the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in. If you open the group from Active Directory Users and Computers, you can see that it's a universal distribution group. If you select the Members or Member Of tabs (from Active Directory Users and Computers or from EMC), you'll see that the tabs are empty because the group is brand new. You must specify the membership.

Mail-Enabling a Distribution Group 

To mail-enable a preexisting group, perform the following steps:

1. Open EMC.

2. From the navigation tree, select the Recipient Configuration container and click Distribution Group.

3. In the Actions pane, select New Distribution Group to begin the wizard.

4. As before, the wizard's Introduction dialog box gives you the option of creating a distribution group for a new or existing group. In this case, select Existing Group.

5. Click Browse. Notice that all the options presented are universal groups. You'll be able to see all your universal groups, whether distribution groups or security groups—but local and global groups won't be visible.

6. Select the group you want to mail-enable, and click Next.

7. In the Group Information dialog box 
that appears, the only item you can change 
is the alias. Click Next. 

8. Review the configuration summary 
and click New. 

9. Once the group is mail-enabled, 
you'll see the green Completed check 
mark. Click Finish. 

To add members to or remove members from a distribution group, open the group from the Recipient Configuration, Distribution Group node (or from Active Directory Users and Computers). Select the Members tab and click Add to add a member. To remove a member, select the user and click the X.

Figure 1: Creating a new distribution group

Figure 2: Configuring conditions for a dynamic distribution group

38 AUGUST 2009 Windows IT Pro

Creating a Dynamic Distribution Group

To create a dynamic distribution group, perform the following steps:

1. Open EMC.

2. From the navigation tree, select the Recipient Configuration container and click Distribution Group.

3. In the Actions pane, select New Dynamic Distribution Group to begin the wizard.

4. In the Introduction dialog box, you can select an organizational unit (OU) in which to place the group. The default OU is Users; click Browse to select a different container. Provide a name and alias for the group, and click Next.

5. In the Filter Settings dialog box, you must select the recipient container where you want to apply the filter. Again, the default is Users but you can click Browse to locate a different container and more narrowly define the group to an OU. Depending on your AD organizational structure, this setting can reduce the load on the Exchange server in determining how to apply precanned filters. You must also specify whether to include all recipient types or specific recipient types, such as the following:

a. Users with Exchange mailboxes

b. Users with external email addresses

c. Resource mailboxes

d. Contacts with external email addresses

e. Mail-enabled groups

Click Next after making your selections.

6. In the Conditions dialog box, which Figure 2 shows, the initial conditions (i.e., precanned filters) include Recipient is in a State or Province, Recipient is in a Department, and Recipient is in a Company. You can also establish values for various custom attributes. After you select a condition in Step 1, you edit or specify the condition in Step 2. For example, you might select the condition Recipient is in a Department, then specify the Marketing department. For more information about configuring custom attributes, see the sidebar "Custom Attributes in Exchange Server 2007 Dynamic Distribution Groups," page 40.

7. You can click the Preview button to see which users will be in the dynamic distribution group you created, based on filter settings and conditions. Click Next when you're done configuring conditions.

8. Review the configuration summary 
and click New. 

9. Once the group is created, you'll see 
the green Completed check mark. Click 
Finish. 

After you create a dynamic distribution group, you can change the group's filter and condition settings in EMC. Although the group will also have an AD object, you won't be able to configure its properties through Active Directory Users and Computers.

Because dynamic group membership is calculated every time a message is sent to the group, an individual might be part of a group one moment and not part of the group the next moment if the individual falls out of the group's recipient scope. You should use dynamic groups sparingly because of the increased load placed on the server that is tasked with comparing your predefined criteria to the list of recipients.

Configuring Expansion Servers 

Although distribution groups typically reduce administration costs and time, they also require more server resources in terms of CPU and RAM. The Hub Transport servers typically take the performance hit, because these servers are used in recipient resolution (i.e., the process by which recipients of a message are expanded and resolved). Messages are received in the Hub Transport server's Submission queue and are then categorized by the categorizer or resolver before being placed in the Delivery queue. These transactions can occur hundreds or even thousands of times every day.

By default, distribution groups are expanded on any server in an organization. To prevent mail flow impediment, you might want to select a specific expansion server for very large distribution groups. To do so, perform the following steps:

1. Open EMC. 

2. From the navigation tree, select the 
Recipient Configuration container and 
click Distribution Group. 

3. Select the distribution group or dynamic distribution group from the Results pane.

4. Select Properties in the Actions pane, and click the Advanced tab.

5. As Figure 3 shows, the default Expansion server setting is Any server in the organization. You can use the drop-down list to select a particular Hub Transport server to handle the expansion list.

6. Click OK to finish the process.

Figure 3: Configuring an expansion server

If you select a specific server for your distribution group expansion, you might run into problems if the server is offline when a message is sent to that group. The message will sit in the queue and won't be delivered. If you're planning to perform server maintenance, be sure to change the expansion server for the groups that will be affected.

When you select an expansion server, you can also configure the following settings:

• Hide group from Exchange address lists—Users can send email messages to a group through its email address directly, but the group won't show in the address lists.

• Send out-of-office messages to originator—If you send an email message to a group and someone in the group has his or her out-of-office message enabled, you'll receive an out-of-office reply. Leave this check box blank if you want to reduce the amount of unnecessary traffic on your server.

• Send delivery reports to group manager—Only the distribution group manager will receive the nondelivery report.

• Send delivery reports to message originator—This is the default setting.

• Do not send delivery reports—This option can minimize unnecessary traffic.

Distribution Direction 

The benefit of Exchange 2007 distribution groups is that users can use one email address to reach multiple recipients. The caveat for administrators is that your servers can take a big performance hit when large groups are expanded out for recipient resolution. However, the positive aspects of Exchange 2007 distribution groups far outweigh the negative—so, go forth and distribute.
Custom Attributes in Exchange 2007 Dynamic Distribution Groups

If you want to go beyond Exchange Server 2007's precanned filters for dynamic distribution groups, you can configure custom attributes. You must configure custom conditions not only on the dynamic distribution group side, but also on the recipient side—by ensuring that recipients that fall into the scope of an attribute have the attribute configured correctly within their recipient properties.

To establish a custom attribute that will be used by a dynamic distribution group's Conditions setting, navigate to the Recipient Configuration container in EMC, select the Mailbox node, and select Recipient Properties for the recipient you want to configure. Select the General tab and click Custom Attributes.

You can also use PowerShell cmdlets and pipelining to create custom attributes in bulk. The Exchange Management Shell cmdlet to create a new distribution group is New-DistributionGroup; the cmdlet to create a new dynamic distribution group is New-DynamicDistributionGroup.
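
The recipient-side and group-side configuration described in this sidebar, together with the wizard's filter, condition and preview steps, can be run as one Exchange Management Shell session. This is an added example, not code from the article; the OU paths, group name and attribute value are hypothetical placeholders.

```powershell
# Added example (Exchange 2007 Management Shell). Every name below is a
# hypothetical placeholder: substitute your own OU paths, value and group name.
$recipientOu = "contoso.com/Marketing"   # container the filter is applied to
$groupOu     = "contoso.com/Users"       # container that holds the group object
$attrValue   = "FieldSales"              # value matched by the group's condition
$groupName   = "Field Sales"

# 1. Recipient side: stamp CustomAttribute1 on every mailbox in the OU.
#    Pipelining Get-Mailbox into Set-Mailbox sets the attribute in bulk.
Get-Mailbox -OrganizationalUnit $recipientOu -ResultSize Unlimited |
    Set-Mailbox -CustomAttribute1 $attrValue

# 2. Group side: create the dynamic distribution group. -RecipientContainer
#    corresponds to the wizard's Filter Settings container, -IncludedRecipients
#    to the recipient types, and -ConditionalCustomAttribute1 to the condition.
New-DynamicDistributionGroup -Name $groupName -Alias "FieldSales" `
    -OrganizationalUnit $groupOu `
    -RecipientContainer $recipientOu `
    -IncludedRecipients MailboxUsers `
    -ConditionalCustomAttribute1 $attrValue

# 3. Preview: resolve the stored filter to see who would receive a message
#    sent to the group right now (the shell counterpart of the Preview button).
$group   = Get-DynamicDistributionGroup -Identity $groupName
$members = @(Get-Recipient -RecipientPreviewFilter $group.RecipientFilter `
                 -OrganizationalUnit $group.RecipientContainer `
                 -ResultSize Unlimited)

"{0} recipient(s) currently match '{1}'" -f $members.Count, $groupName
$members | Sort-Object Name |
    Format-Table Name, RecipientType, PrimarySmtpAddress -AutoSize
```

Because membership is evaluated each time a message is sent, rerun step 3 after any change to the attribute on recipients to confirm who the group now resolves to.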
Sometimes you need to get a quick look at your Active Directory (AD) numbers: how many Account Operators you have, how many Domain Admins, how many Groups. I've created a script you can use, ADacctCounts.vbs, to keep track of actual numbers of AD objects so you can see current numbers and how the counts have varied from previous runs. A companion script, ADacctCountsToXL.vbs, lets you produce a Microsoft Excel report from the resulting database.

As a foundation for ADacctCounts.vbs, I used a previous script I created called AccountTracker.vbs. You can read more about that script, which keeps track of changes to various AD objects, in "Track Active Directory Changes" (windowsitpro.com, InstantDoc ID 100428). The script I'll walk you through now, ADacctCounts.vbs, and its companion script, ADacctCountsToXL.vbs, retrieve just the numbers of AD objects.



A script that counts AD objects

by Jim Turner

How to Use the Script

Currently I am running the script once a week via a scheduled task. At the end of the month, the data 
is analyzed to get an idea of that month's growth or decline in specific areas of AD. A monthly report 
helps our managers visualize the current ratio of admins to users and computers. 

The use of this script is relatively new, so we haven't produced a yearly report from it yet. However, at the end of the fiscal year we will perform a similar analysis with it, perhaps create some trend charts, and send those reports to upper management to use with other reports. These will provide solid information to aid in employment and equipment forecasting, growth analysis, and support requirement analysis.

Listing 1: ADacctCountsToXL.vbs

    On Error Resume Next

    ' Callout A: folder that holds the ADacctCounts database
    DBPath = "C:\scripts\ADacctTrack\"
    AccountCountDB = DBPath & "ADAccountCounts.xml"

    Set fso = CreateObject("Scripting.FileSystemObject")
    If fso.FileExists(AccountCountDB) Then
        Set DRS = CreateObject("ADODB.Recordset")
        DRS.Open AccountCountDB
        ' Callout B: sort the records by run date
        DRS.Sort = "RunDate ASC"
    Else
        Set fso = Nothing
        strMessage = AccountCountDB & " Not Found...Terminating Script!"
        strScriptName = "AD Account Counts"
        CreateObject("WScript.Shell").Popup strMessage,10,strScriptName,vbInformation
        Wscript.Quit
    End If

    Set XL = CreateObject("Excel.Application")
    XL.Workbooks.Add
    XL.Sheets.Add.name = "AccountCounts"
    XL.Sheets("AccountCounts").Select
    XL.Visible = TRUE

    ' Callout C: build the field name/row dictionary and the field name array
    Set FldRef = CreateObject("Scripting.Dictionary")
    Set objFields = DRS.Fields
    'Use number of fields to set array dimension
    'reduce number by 2. One to account for zero based array
    'and another to omit 'RunDate' field
    FldDim = objFields.Count - 2
    Dim DRSFields()
    Redim Preserve DRSFields(FldDim)
    incr = 0
    For Each objField In objFields
        'This block of code sets up a Field/Row association
        'A specific field will have a specific Row in the Excel spreadsheet
        ' 'Rundate' is the first field in the database and is not
        ' used as a Row so it is ignored. Fields start on Row 2
        ' Rundate dates start in Col 2. This format is good for charts
        If Lcase(objField.Name) <> "rundate" Then
            'Field name and Row assignment
            FldRef.Add objField.Name,incr+2
            DRSFields(incr) = objField.Name
            incr = incr + 1
        End If
    Next

    ' Callout D
    'Fill Column A with Fieldnames
    For i = 0 to Ubound(DRSFields)
        'start at row 2
        XL.Cells(i+2,1).Value = DRSFields(i)
    Next

    Col = 2
    ' Callout E: place each count at its field's row and the run date's column
    DRS.MoveFirst
    Do while Not DRS.EOF
        StoreDate = DRS.Fields.Item("RunDate")
        XL.Cells(1,Col).Value = Cstr(DRS.Fields.Item("RunDate"))
        Do While StoreDate = DRS.Fields.Item("RunDate")
            For i = 0 to Ubound(DRSFields)
                If FldRef.Exists(DRSFields(i)) Then
                    'find associated Field/Row
                    Row = FldRef.item(DRSFields(i))
                    XL.Cells(Row,Col).Value = Cdbl(DRS.Fields.Item(DRSFields(i)))
                End If
            Next
            DRS.MoveNext
            If DRS.EOF Then
                Exit Do
            End If
        Loop
        'put next rundate in next column
        Col = Col + 1
    Loop

    DRS.Close
    Set fso = nothing
    Set DRS = nothing
    XL.Cells.EntireColumn.AutoFit
    XL.Range("A1").Select
    strMessage = "Done"
    strScriptName = "AD Account Counts"
    CreateObject("WScript.Shell").Popup strMessage,15,strScriptName,vbInformation

The code in ADacctCounts.vbs gathers totals for each of the defined categories and writes a total to that category's field. The database created and maintained by ADacctCounts.vbs contains only one record in the database per run. That one record does, however, contain quite a few fields: one field for every category plus a Rundate field—totaling twenty fields in all.

It's possible to run ADacctCounts.vbs manually as needed, but I recommend setting it up to run as a scheduled task that runs every week or two. To produce the Excel report from the database, you will need to run the companion script ADacctCountsToXL.vbs, which is included in the download files and is the main focus of this article.

You can run ADacctCountsToXL.vbs as often as you like or whenever you need to—the script doesn't make any changes to the database; it simply reads the database and populates an Excel spreadsheet with the AD category counts listed in columns by Rundate. The spreadsheet would look something similar to what you see in Figure 1, page 45. Notice the Rundates appear as column headers and the Categories all appear in Column A as individual row headers. Don't pay too much attention to the totals in the example—I just made those numbers up.

Getting Started with ADacctCounts.vbs and ADacctCountsToXL.vbs

To run these scripts properly, you will need to create a C:\Scripts\ADacctTrack folder or edit each of the scripts and modify the DBPath statement in each script to point to the folder of your choice.

You'll also want to check the DistinguishedName Query Array (DNQA) element values in ADacctCounts.vbs and ensure that the distinguished names are correct for your domain.

If you haven't moved any of the default Builtin or User groups, you probably won't have to change any of these elements, but if your Domain Admins were in the Builtin container and not the Users container for instance, you'd need to change

    DNQA(3) = "CN=Domain Admins,CN=Users," & DNC

to

    DNQA(3) = "CN=Domain Admins,CN=Builtin," & DNC

DNC should remain untouched; that's the domain's Default Naming Context, which gets concatenated to the portion of the DistinguishedName that you see within the quotation marks.

If you haven't read "Track Active Directory Changes" (windowsitpro.com, InstantDoc ID 100428) yet, you might want to take a look at it. It will give you a more thorough explanation of the inner workings of ADacctCounts code and the logic behind it.


Using ADacctCountsToXL.vbs 

Let's examine ADacctCountsToXL.vbs, which creates the Excel spreadsheet from the database. This script has some unique characteristics that I think you'll find interesting. First, its main function is to retrieve data from a database and lay that data out in a spreadsheet in a manner conducive to creating Excel Growth or Trend Charts. That is, the column headers run along the horizontal axis, the categories run along the vertical axis, and the associated counts fall into place where horizontal and vertical meet.

Make sure that you have the appropriate path set up to access the ADacctCounts database by checking the DBPath statement, which Listing 1, callout A, shows. Also note at callout B how I sort the database by Rundate:

    DRS.Sort = "RunDate ASC"

If you prefer to have the Rundate columns appear in the spreadsheet so that the most recent date is always in view (always the leftmost column), simply change ASC (ascending) in the sort statement to DESC (descending).

A Useful Script Technique 

I want to point out a technique I use in this script that virtually eliminates the need to hard-code the field names of the categories. Remember, I have 19 category fields—and the only hard-coded field name out of the entire database in this script is "Rundate" and that's mainly because it's used as the looping control for this routine. Basically when the Rundate changes while stepping through the database, it's time to move on to the next record and increment the column number for the next Rundate column.

The technique deals with retrieving any number of category fields and programmatically determining which row each of the category counts will be placed in. The trick is to utilize a dictionary object that holds each of the category field names as dictionary keys and an associated row number as the dictionary item element. All you have to do is cycle through all of the fields and store the field name and row number to the dictionary, which the code at callout C shows. Please make sure you read the comments within the entire callout, as they elaborate key points.

Figure 1: Script output populates an Excel spreadsheet with AD category counts

You'll also notice that within this section I store the field names to an array called DRSFields. As I mentioned earlier, I take advantage of acquiring the category headers by storing them to an array. Then I simply iterate through the array and fill in the category headers in the spreadsheet by using the code at callout D.

As you're stepping through each field of each record in the database, you use the field names to look up the row number in the dictionary, and use that number along with the column number to place the actual Category Count value in place on the spreadsheet. You can see how that's done by reviewing the code at callout E.

I think this routine is fairly portable and something that you might want to consider incorporating into your ADO-based scripts the next time you're thinking of creating spreadsheet output from databases that have a number of fields to traverse. It might well save you a ton of time and coding.
Best of Tech Ed 2009

AWARD WINNERS

by the Windows IT Pro and SQL Server Magazine editors

In Los Angeles, we narrowed an impressive field of more than 170 submissions down to 13 winners.

The Best of TechEd Awards—produced and presented by Windows IT Pro and SQL Server Magazine—recognize the most innovative products and services offered by Microsoft partners that exhibited at TechEd 2009, held in June 2009 at the Los Angeles Convention center.

Our judging panel consisted of Windows IT Pro and SQL Server Magazine editors who combed through an impressive collection of more than 170 submissions and came up with 35 finalists in 13 categories. Onsite in Los Angeles, Technical Director Michael Otey, Editor-in-Chief Jeff James, and Executive Editor Sheila Molnar interviewed the finalists and evaluated the products to determine a final list of winners.

Our judges evaluated the entries based on three criteria: strategic importance, competitive advantage, and value to customers. We also selected a Best Microsoft Product, and show attendees cast their own votes to determine the winner of the prestigious Attendees' Pick Award.



Data Robotics' Jeff Nguyen, Solutions Architect

Breakthrough Product: Data Robotics—DroboPro

DroboPro is a new storage array that employs an innovative storage-virtualization platform to provide a scalable, easy-to-use storage option for SMBs. No need to remember annoying details such as the differences between RAID 0, RAID 1, and RAID 5—DroboPro figures that out for you.

Best Microsoft Product: Microsoft—Microsoft SQL Server 2008

Few products are as integral to a modern business IT infrastructure as SQL Server 2008. It serves as the foundation for many other Microsoft applications and is rapidly adding features that make it a top-notch business intelligence platform, as well.

Business Intelligence: Developer Express—DevExpress Analytics

DevExpress Analytics provides Pivot Grids and Charts for Winforms and ASP.NET AJAX. It has comprehensive data mining and analytics, and provides an elegant charting and graphing library.

Database Administration: xkoto—GRIDSCALE for SQL Server

xkoto's GRIDSCALE for SQL Server emulates SQL Server and sits between applications and SQL Server systems. It's an active-active system with no downtime, so there's continuous availability, and no single point of failure. It's several times faster than the competing Oracle RAC, which could make it compelling to enterprises considering a switch.
Database Development: Quest Software—Quest Toad for SQL Server

A fully featured development tool for managing SQL Server, Quest Toad for SQL Server is particularly useful for businesses running multiple versions of SQL Server. It connects to SQL Server 2000 or later and provides advanced T-SQL performance tuning and transaction log recovery.

Developer Tools: AVIcode—AVIcode Intercept Studio

AVIcode Intercept Studio is a .NET application monitoring product that you use to detect and troubleshoot .NET applications. Intercept Studio also employs a low-overhead approach that makes it ideal for tracking application performance throughout the development lifecycle.

Hardware, Networking, and Storage: HP—StorageWorks Enterprise Virtual Array

A virtualized midrange storage array, the HP StorageWorks Enterprise Virtual Array (EVA) offers an impressive amount of performance and flexibility at a competitive price point. Products in the EVA range can support from 96 to 324 individual drives and storage capacities ranging from 96TB to 324TB.

Messaging: Sherpa Software—Mail Attender for Exchange

Sherpa Software's Mail Attender for Exchange provides Exchange administrators with a flexible toolbox of useful Exchange utilities, ranging from automated scheduling of common policies to flexible transfer/migration rules.

Productivity and Collaboration: Axceler—Control Point

Axceler ControlPoint helps IT pros get better control of their SharePoint environment through permissions management, content management, in-depth usage analysis, policy enforcement, and flexible alerts and scheduled analyses.

Security: Specops Software—Specops Password Reset

Dealing with users who've forgotten their passwords can consume a lot of time for IT administrators, and it's a problem that Specops Password Reset provides an elegant solution for. This product gives users the power to recover and change their passwords themselves, all while maintaining overall system security.

1. JNBridge's Paul Sommer, Technical Director of Sales and Support Services; Deborah Arhelger, COO; Wayne Citrin, CTO. 2. Axceler's Ken Allen, Director of Marketing; Yancy Lent, Senior Sales Engineer; Chris Essler, Director of Sales; Gail Shlansky, Director of Product Management; and Mike Alden, President and CEO. 3. DevExpress's Vlad Filyakov, Lead Software Engineer; Azret Botash, Tech Evangelist. 4. Double-Take Software's Christian Tate, Director of Business Development; Michael Smith, Microsoft Global Alliance Manager; Tim Laplante, Director of Product Management; Bob Roudebush, Director of Solutions Engineering; and Dan Jones, VP of Sales & Marketing in North America. (You'll also find our own Michele Crockett in this picture!)

Systems Management and Operations: Double-Take Software—Double-Take Move

Double-Take Move can streamline the most onerous migration tasks, thanks to smart technology that can perform migrations and move workloads seamlessly between physical-to-physical (P2P), physical-to-virtual (P2V), and virtual-to-physical (V2P) environments across disparate hardware platforms.

Software Components and Middleware: JNBridge—JNBridge Pro

JNBridge Pro is an essential tool for businesses using both .NET and Java applications. JNBridgePro lets you join .NET and Java applications at the object, class, and component level. If your development work has you straddling the worlds of .NET and Java, JNBridge Pro should be in your software toolbox.


Virtualization: VMware—Virtual Infrastructure 3.5

VMware's Virtual Infrastructure 3.5 sets the virtualization standard for enterprises today. It combines a rock-solid, highly scalable virtualization platform with a host of high-availability and dynamic VM-management features.

Attendees' Pick: DevExpress Analytics

Developer Express also won in the Attendees' Pick category, with DevExpress Analytics emerging as the most popular product as voted by hundreds of TechEd show attendees.
Potholes 2

What to watch out for and what to do if you encounter one

by Dan Holme

Microsoft Office SharePoint Server (MOSS) and Windows SharePoint Services (WSS) can help companies improve their organizational effectiveness and their bottom line. However, there are potholes in the road to implementing SharePoint that can cause an implementation to go in the wrong direction, slow down, or even come to a screeching stop. Here are six potholes I've encountered often in my efforts to help companies get their SharePoint implementations running smoothly and how to get around them.

Not Having a Governance Plan 

SharePoint implementations can falter or fail because of poor governance. Setting policies, defining roles and responsibilities, and establishing processes to guide how your company is going to use SharePoint to accomplish its business goals is crucial. Without doing so, you're taking a huge risk. Without a governance plan, the people in your organization (e.g., end users, managers, developers, support staff, administration staff) likely won't have realistic expectations. Realistic expectations can only be set by defining the policies, people, and processes that will deliver SharePoint services.

So, if you don't have a governance plan in place, dedicate your time and resources to formulating one, even if you've already implemented some SharePoint projects. (Make formulating a governance plan your next SharePoint project.) If you already have a governance plan, don't be afraid to revisit it. A few years ago, many companies that had implemented Active Directory (AD) went through an "Oops, we didn't do it right the first time" phase. When these companies began reviewing their AD implementation, they realized that it wasn't meeting their business needs quite right or they weren't taking advantage of all the product had to offer.

A lot of companies that have implemented SharePoint are now beginning to enter the "Oops, we didn't do it right the first time" phase. (Interestingly, this phase is occurring much sooner in SharePoint's product cycle than it did in AD's product cycle.) Many companies are now looking at their SharePoint implementations and making such realizations as:

• SharePoint usage is greater or quite different than anticipated.

• Security and content management aren't quite aligned with the policies and realities of their organizations.

• They aren't taking advantage of certain SharePoint features when they should be.

• There's some cleaning up to do, as SharePoint "in the wild" has become a bit, well, wild. Rogue, unmanaged installations need to be corralled and brought into line with standards, and data build-up has occurred because content lifecycle management wasn't in place.

If you aren't in this predicament, either your SharePoint implementation was very well planned and deployed or you're very lucky (or both). If you are in this predicament, don't feel bad. It's common for businesses to move forward differently than expected and have to adjust course later on.
Using MOSS When WSS Would Suffice

I've seen it over and over: Companies bite Microsoft's bait and commit to using MOSS too soon and too often. Many organizations are currently focusing their SharePoint implementations on collaboration to help information workers get their jobs done more effectively. In other words, they're focusing their efforts on streamlining file sharing, automating workflows, and implementing Web 2.0 (e.g., social networking) functionality. For many organizations, the additional value that MOSS brings to this particular scenario doesn't justify the cost differential between WSS (which is basically free) and MOSS.

Even in large enterprises and geographically distributed environments, WSS can serve the collaboration needs of branch and remote offices, with MOSS providing search, portal, and other enterprise-level services at headquarters. You're better off meeting as many business requirements as possible with WSS before committing to MOSS. I'm not saying that MOSS doesn't have a role to play—it most certainly does—but its roles are more likely to be in search, portal, and other services that complement collaboration.

Underestimating the Importance of 
End User Productivity 

SharePoint has a real potential for increas¬ 
ing end user productivity. Depending on 
your business, your end users' daily work 
might be helped by improvements in one 
or more of SharePoint's functional areas 
(i.e., collaboration, search, portal, business 
process automation, content management, 
and business intelligence—BI). For many 
organizations, improvements in collabora¬ 
tion and search capabilities fit that bill. 
So, anything you can do to help your end 
users—such as making collaboration easier 
and improving searches—will help make 
them more efficient. When end users can 
get their jobs done more efficiently, costs 
usually decrease and revenues typically 
increase. 

Unfortunately, most organizations don't 
take the time to accurately estimate the cost 
of employees' time when determining how 
much money a SharePoint project can save 
a company. To do so, you first need to cal¬ 
culate what is called a burden cost for each 
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employee. The burden cost encompasses 
more than just gross salary—it represents 
the annual total cost that a company incurs 
in order for an employee to perform his or 
her job. It includes benefits, training, taxes, 
and more. The burden cost is usually more 
than double the employee's salary. After 
you calculate the burden cost, you need to 
divide that figure by the number of hours the 
employee works in a year to get the burden 
rate for that employee. 

Admittedly, calculating the burden rate 
for every employee whose productivity 
would be improved by a SharePoint project 
would be time-consuming, especially if the 
SharePoint project had a large scope. Fortunately,
you can determine the burden cost
for each type of employee (e.g., customer 
service representative, project manager, 
engineer) and divide that figure by a reasonable
number of work hours per year. In the
United States, 2,000 hours (40 hours a week 
x 50 weeks) is often used. For example, suppose
that a company's engineers typically
have a burden cost of $150,000. The burden 
rate would be $75 an hour ($150,000/2,000 
hours) for employees with that type of job. 

When you use burden rates, you can 
get a true picture of a SharePoint project's 
ROI. For example, one company I worked 
with found that a specific SharePoint project
would save users 10 minutes per day.
Although that doesn't sound like much 
time, the calculations showed that the project
would save the organization millions of
dollars per year because it would improve 
the productivity of several thousand users. 
In fact, the ROI seemed so outrageous that 
the project's financial impact had to be 
undersold to make it believable. 

In the past, it's been tough to position 
these "soft" savings against the "hard" costs 
of software licenses and implementation. 
However, in this economic climate, I think 
organizations will finally start to look at both 
hard and soft costs as they try to figure out 
how to do more with less. 

Not Dealing With Political 
Resistance 

SharePoint is the new kid on the block, compared
to such competing products as IBM
Lotus Notes and Xerox DocuShare. Because
SharePoint came along later, you might
run across people who have a lot invested
politically in legacy tools. A SharePoint
project might never get started or be derailed
because of political resistance.

So, how do you deal with such political
barriers? It all boils down to investing
time in the requirements-gathering stage 
of a project. If you really understand the 
requirements, you can create metrics with 
which to measure your success. Presenting 
those requirements and metrics to your 
company's leaders will likely lead into a discussion
about the project's ROI. If you can
get your company's leaders to support your 
project, you should be able to get around the 
political barriers. 

Not Thinking About Company 
Culture 

A SharePoint project can fail because the 
company wasn't ready for it. Take using 
SharePoint for social networking, for example.
For SharePoint to be successfully used
to capture, retain, and leverage the knowledge
that's in your employees' heads (and
vanishes when they leave the company),
you have to incorporate social networking
into performance evaluations, compensation,
and all other systems. Social networking
must be part of a broader initiative aimed at
reaching specific business objectives. It
must become part of the culture, not just
a tool that's thrown out there. Don't try to
implement a SharePoint project if the company
isn't ready for it.

Not Considering All Your Options 

SharePoint, particularly MOSS, has a lot 
of features that many companies don't 
take advantage of. For example, not many 
organizations leverage user profiles, even 
though they're a powerful way to improve 
people-search functionality. 

In a nutshell, here's how user profiles 
work. For each user, SharePoint pulls information
from AD or another LDAP database,
such as Active Directory Application Mode
(ADAM) or Active Directory Lightweight
Domain Services (AD LDS). You can extend
the default information it pulls from AD, so
you can pull standard or custom attributes
into SharePoint user profiles. You can also
pull information from a database and use
a process (e.g., Identity Lifecycle Manager
or a script) to synchronize that information
with the AD data, then import the combined
information into the user profiles. In addition,
you can use the Business Data Catalog
(BDC) to pull information directly from
other types of databases, such as an HR database.
Although the BDC can't provide the
primary source of user information, it can 
supplement the user information imported 
from an AD or LDAP database. (If you'd like 
more information about user profiles, see the 
resources listed in the sidebar "Where to Get 
the Scoop on SharePoint's User Profiles.") 

Because user profiles can pull information
from many different types of databases,
they work well when you need to create a 
directory that end users can use to search for 
and connect with people in an organization. 
For example, a major financial services firm 
had an employee directory on the intranet. 
The intranet directory pulled information 
from a variety of sources, including AD. The 
company wanted to integrate or replace the 
intranet directory with SharePoint's user 
profiles and people-search functionality. In 
this case, the company had several options, 
including: 

• Placing a link to the existing intranet 
directory on appropriate SharePoint 
pages or My Sites 

• Presenting the existing intranet directory 
within SharePoint, such as with a page 
viewer web part on appropriate SharePoint
pages

• Developing custom web parts to create 
the desired interaction with back-end 
data sources and/or the existing intranet 
directory 

• Replacing the intranet directory with 
SharePoint user profiles, people-search 
functionality, and My Sites, using the 
BDC to pull information from sources 
other than AD 

Each approach has its advantages and disadvantages.
The first two options require the
least effort, but achieve the least integration. 
The last two options require various amounts 
of configuration and custom code, depending 
on the functionality and two-way interaction 
with the back-end data. However, custom 
web parts are very versatile (you can do just 
about anything with them) and user profiles 
give you the ability to pull information from 
AD. And by using the BDC, data from other
sources can be pulled in, indexed, and leveraged
by various SharePoint features.

Another possible but unconventional
approach would be to use SharePoint's
user profiles and My Site functionality
without actually deploying personal My
Sites. Ian Morrish discusses this strategy
in his blog post "SharePoint User Profiles,
My Links and My SharePoint Sites without
a personal My Site" (www.wssdemo.com/Blog/archive/2009/03/05/SharePoint-User-Profiles-and-My-Sites.aspx).
Why would you
want to do this? Because My Sites can open
a can of worms from a governance perspective
or might not fit your corporate culture.
Why not leverage all the people-search
benefits of user profiles without opening
that can of worms?

Where to Get the Scoop on SharePoint's User Profiles

You can learn more about user profiles by starting with these resources:

• TechNet's Manage user profiles web page (technet.microsoft.com/en-us/library/cc262195.aspx)
provides an IT pro, task-focused introduction to user profiles. From there, the table
of contents pane will guide you to additional related articles.

• The MSDN articles "What's New for Developers in Office SharePoint Server 2007"
(msdn.microsoft.com/en-us/library/ms585163.aspx) and "Personalizing Your Portal"
(msdn.microsoft.com/en-us/library/ms496822.aspx) are great resources for developers. I also
recommend that IT pros read these two articles and the related articles in the table of
contents. MSDN documentation is often useful because it gives an IT pro a glimpse "under
the covers," making the "above the covers" more understandable. It also helps make both IT pros
and business decision makers aware of what can be done by extending SharePoint with
custom code.

• Todd Baginski's blog post "HOW TO: Enhance SharePoint User Profiles With The Business
Data Catalog" (www.toddbaginski.com/blog/archive/2009/03/08/45.aspx) is phenomenal.
This is the best single resource I found because it discusses not only the business value of
user profiles but also steps through an example of extending profiles with the Business
Data Catalog (BDC).

• Office Online offers information about user profiles in "Managing User Profiles from Active
Directory" (office.microsoft.com/en-us/sharepointserver/CH011715111033.aspx). However,
although this discussion is under the header of Microsoft Office SharePoint Server
(MOSS), it deals with Microsoft SharePoint Portal Server 2003. I'm not convinced that this
content is 100 percent on target for MOSS 2007, so I'd use it only as a last resort.

You can find even more resources on user profiles using your favorite search engine. Just
use the search phrase SharePoint "user profiles" (include the quotes).

As this example demonstrates, there are 
usually many options to consider. When you 
have to make a decision like this one, it's 
wise to take a step back and evaluate the full 
spectrum of solutions—including skipping 
SharePoint—before blazing forward. 


Avoid the Potholes 

Now that you know about some of the 
common potholes in the road to implementing
SharePoint, you can be on the
lookout for them. And if you encounter
one, you can take the necessary steps to
make sure that your SharePoint implementation
stays on track.

NEW & IMPROVED

■ SharePoint ■ Exchange 

■ Microsoft Office ■ Messaging 



OffiSync Integrates Google Docs 
Into Microsoft Office 

A new Microsoft Office add-on called 
OffiSync lets you open, edit, and save 
documents to and from Google Docs 
within Microsoft Word, Excel, and PowerPoint.
Once you download the add-on,
OffiSync creates a new option in your 
Office ribbon (see screenshot to right), 
which allows you to manage documents 
saved to Google Docs or save documents 
on your computer or local network to 
Google Docs. OffiSync is simple, easy to
use, and allows you to communicate with
other Google Docs users without ever 
having to use Google Docs. To download 
this free product, visit www.offisync.com. 

GAL, Improved Antispam for 
Kerio MailServer 

Kerio Technologies announced Kerio
MailServer 6.7, the latest update to its
Exchange Server alternative targeted at 
small-to-midsized businesses (SMBs). This 
time around, the company has added 
a Global Address List (GAL), improved 
the antispam filtering capability, and 
added new features for Entourage and 
Mac OS X users. In addition, Kerio has 
also introduced the Kerio IMAP Migration
Tool. Kerio MailServer 6.7 features
an improved antispam gateway that 
can take advantage of multi-CPU server 
systems and gains speed from parallel 
processing of email messages. The implementation
of the Bayesian heuristics has
been beefed up as well. The product 
works with Macs and also adds support 
for Debian 5 and Ubuntu 8.04 LTS Linux; 
it's also available as a virtual appliance 
using VMware or Parallels. To learn more, 
visit www.kerio.com. 

ScriptLogic updates Help Desk 
Authority 

ScriptLogic has released Help Desk
Authority 8.1. One interesting new feature
in 8.1 is a full iPhone GUI. Support
techs working in the field can close tickets
on scene instead of having to remember
when they return to the office. The GUI is a
full client—it can create, close, and update
support tickets. Help Desk Authority integrates
with ScriptLogic's Desktop Authority.
By pulling in this information, Help
Desk Authority can help save time for
help desk staff. For more information, visit
www.scriptlogic.com.

OpenOffice.org Improves 
Commenting, File Locking 

OpenOffice.org has released OpenOffice
3.1, the latest version of its free office
productivity suite. As Windows IT Pro has
noted in previous articles, OpenOffice is
an effective alternative to Office for many
users due to its similar design to Office
and compatibility with all Office documents.
OpenOffice 3.1 boasts a number
of improvements, including improved
graphics and better support for locking
files, commenting in documents, and
more. Check out the full list of changes
or download the latest version at
www.openoffice.org.

OpenSpan Platform 4.1 Improves Lotus Support

In addition to
expanding its support,
OpenSpan Platform
4.1 also adds functions
like tool tips,
which might be used
to alert a customer
service representative
that the customer is
a gold customer, or
help users new to
integrated applications
understand a process.

OpenSpan Platform essentially
creates an API that can apply to any
existing application. You can use it, for
example, to inject the output from an
old application into a database. To learn
more about the platform, visit
www.openspan.com.

pmPoint Enhances Workflow Management, Reporting in SharePoint

SharePoint out-of-the-box isn't intended
to be a workflow management product,
but what if you want it to be? BrightWork's
pmPoint is a SharePoint add-on that offers
the templates, management tools, and
reporting functionality to use SharePoint
for a departmental or organizational project
management system. One downside to the
product is its somewhat confusing interface,
making for a decent learning curve for new
project managers. pmPoint comes either as
a Software as a Service product or as an on-premises
solution. For full pricing details, visit
www.brightwork.com.

"Easy" Contract Management in SharePoint

Dealing with contracts is one big
migraine, or one of those awful sinus
headaches at best. No matter who you
are, what end you're on, they're a true
pain. For starters, they're seldom written
in layman's terms, so you need a
$300/hr lawyer to hold your hand and
walk you through it (while his/her other
hand thumbs through your wallet).
Things rarely go smoothly, both parties
are rarely happy, and most contracts
change hands many times with minor
revisions that don't always make sense
and usually have a dozen unintended
(or intended) consequences that, again,
only the lawyers understand.

As time goes by, companies and
individuals build up massive archives of
contracts they don't understand all that
well that are supposed to keep them
out of the even more confusing legal
system. Typically there are only signed
hard copies, which are subject to being
lost, destroyed, stolen, or eaten by the
office dog. According to Faulkner Information
Services, about 10 percent of all
executed contracts are lost.

Dolphin Contract Manager for SharePoint

If your organization has a lot of contracts,
it's definitely worth investing in some type
of contract management software. A new
product from Dolphin Software called Dolphin
Contract Manager for SharePoint
offers one such solution. With the Dolphin
product, you'll be able to store all contracts
through the folder structure in SharePoint,
utilize all of the standard document
change tracking capabilities, plus grab
additional features in terms of deadline
tracking (making sure you stay on deadline
per the contracts), compliance monitoring,
generating reports, and so forth. The contracts
will be so easy to find, you'll feel like
you have echolocation.

Seriously though, contract management
is a good idea. And if you already
have SharePoint, it's a great way to go.

From what I can tell, the Dolphin solution
makes the whole thing as smooth as blubber.
Check out www.dolphin-software.com
and see if it's for you.

Jeff James | jjames@windowsitpro.com

Editor's Note: Send new product announcements to products@windowsitpro.com.

Windows XP Mode and Windows Virtual PC Beta

PROS: Dramatically increases software compatibility
in Windows 7, fairly seamless

CONS: Still runs on older virtualization technology,
requires CPU virtualization support

RATING: ♦♦♦♦O

RECOMMENDATION: Microsoft's next
version of its desktop virtualization product,
Windows Virtual PC, will be a freely downloadable
feature of Windows 7. Virtual PC is
a big release, and it adds some features from
the enterprise-oriented Microsoft Enterprise
Desktop Virtualization (MED-V) product,
including the ability to run virtualized applications
side-by-side with native applications on
the host PC. Users of Windows 7 Professional,
Enterprise, and Ultimate Editions will get a
fully licensed and preconfigured Windows XP
Professional with SP3 environment. Dubbed
Windows XP Mode, this add-on lets you run
XP applications virtually and side-by-side with
native Windows 7 applications.

CONTACT: Microsoft • 800-426-9400 •
www.microsoft.com

DISCUSSION: www.winsupersite.com/win7/xp_mode_beta.asp

Windows Mobile 6.5 

PROS: Fully touch-enabled with a spit-shined
UI and some iPhone-like features

CONS: Underneath is the same old Windows
Mobile ugliness; not shipping on new devices
for 6 months

RATING: ♦♦♦

RECOMMENDATION: Windows Mobile 6.5
features a home screen that can be configured
with big, colorful icons or a nice scrolling list.
It offers some iPhone-like features and even
out-does the Apple device by surfacing calls,
voicemails, emails, and the like to the lock
screen, letting you navigate directly to them.
But beneath the skin-deep UI lies the ugliness
of previous versions. Windows Mobile 6.5 is a
nice stopgap until Windows Mobile 7 shows
up, supposedly next year. But that's all it is.

CONTACT: Microsoft • 800-426-9400 •
www.microsoft.com

DISCUSSION: www.winsupersite.com/mobile/windows_phones_2009.asp

REVIEW

VMware Workstation 6.5 


Windows 7 will be available soon, but 
Windows Vista is still in use and Windows 
XP is so popular it can't be ignored. Linux 
OSs are seeing some level of acceptance 
by IT departments, and the variety of web 
browsers and other software in frequent use 
is staggering. An OS virtualization application
can let you use a large variety of this
software on one piece of hardware, and 
VMware Workstation is an excellent choice. 

I tested Workstation on a Windows Vista 
32-bit system with only 2GB of RAM—what 
I'd consider a minimum to get good performance
from Vista alone, not to mention a
second OS. 

Windows XP 

I installed Windows XP from a DVD in under 
an hour. Installing OSs in Workstation is 
easier than installing them on physical hardware
and goes about as quickly. Workstation's
easy install feature detected that I was
installing XP, took my product key and name, 
and finished the installation on its own. 
Other than choosing the wrong time zone, 
the installation applied correct settings and 
completed smoothly. 

Once XP was started, Workstation automatically
installed VMware's tools in the
virtual machine (VM) and rebooted it. These
tools let you drag and drop files between
the host and VM and they automatically
change the VM's resolution if you're running
the VM in a window and resize it. USB storage
devices work perfectly—you can easily
determine whether the VM or host will have 
access to the device. 

My XP VM was allocated one CPU core 
and 512MB of RAM and performance was 
very good, definitely on par with XP running
on physical hardware with those same
specs. Performance of the host was hurt by 
running the VM, but I was still able to use it 
without problems while running the VM. 

Windows 7 Release Candidate 

Workstation 6.5 isn't officially compatible 
with Windows 7, but I gave it a shot anyway.
Workstation incorrectly identified the
Windows 7 ISO as Vista, but its easy install
feature was able to automatically configure
and install Windows 7 anyway. The installation
took less than 35 minutes, including a
reboot of the VM to install the VMware tools.

I allocated the Windows 7 VM 1GB of 
RAM, and the VM performed well, other 
than a tendency to freeze up for a few 
seconds every once in a while. Workstation
doesn't support 3D graphics except
in a limited sense for XP, so there were no 
Aero features enabled, and the Windows 7 
startup animation didn't play correctly, but 
otherwise the VM worked fine. 

The Vista host, however, was sluggish 
while running this VM. Remember that if 
you plan to multitask with VMs running, 
you'll need plenty of system resources. 

Beyond Running Windows 

In addition to Windows OSs, I installed a VM 
running Ubuntu 9.04 Desktop Edition. There 
were some quirks, I think mainly because of
my lack of Linux skills, but the VM was functional
and performance was good.

On top of its abilities for simply running
OSs, Workstation has other useful features.
It can save a snapshot of a VM and record a
sequence, allowing you to replay it. You can
use Workstation's Unity mode to run applications
in a VM but display them as integrated
into the host OS. Workstation supports
importing and using VMs from other versions
of Workstation and other applications.

Workstation's integration with OSs that it 
supports and ability to handle OSs it doesn't 
fully support demonstrate that it's a mature, 
technologically advanced product. Free 
OS virtualization products are available, so
you should check if they'll meet your needs
before buying Workstation, but Workstation's
features and capabilities make it a
worthwhile investment.

InstantDoc ID: 102276 


VMware Workstation 6.5 

PROS: Easy OS installations; guest applications 
can integrate with the host OS; useful VM snapshot
and recording features

CONS: Costs more than other OS virtualization 
products; performance suffers when you push a 
system too far 

RATING: 

PRICE: $189 

RECOMMENDATION: VMware Workstation
will serve you well, whether you just need to
run applications from multiple OSs or want to
test applications on a variety of platforms.
Be sure to investigate free alternatives to
Workstation, however, as they may be able
to meet your needs.

REVIEW


HP ProLiant ML370 G5 


The HP ProLiant ML370 G5 is a powerful
workhorse server well-suited to virtualization
and other resource-intensive tasks. A
ruggedly built 5U rack-mounted server, the
DL370 G5 I tested was equipped with two
quad-core Intel Xeon E5320 processors running
at 1.86GHz on a 1066MHz FSB, 8GB of
RAM, and a Smart Array P400 controller with
256MB of cache connected to eight 74GB
serial SCSI 15,000rpm hard disks. In its maximum
configuration, the system supports a
total of 64GB of RAM and 16 internal drives.
The core system unit also has dual 1 Gb integrated
network adapters, two front and two
rear USB 2.0 ports, a front accessible DVD
drive, a serial port, a rear Integrated Lights
Out (iLO) management port, and a hot-plug
power supply. Unlike smaller rack-mounted
servers, the ML370 provides eight full-height
expansion slots, which is great for
server consolidation scenarios where you
need to support multiple NICs. The server
has six PCI-Express slots and two PCI-X slots.
For improved security, the front USB ports
and power switch are located in a removable
chassis that you can snap in and out of
the front of the unit.

You can purchase the system with 32-bit
or 64-bit Windows Small Business Server
2008 Standard or Premium Edition, Windows
Essential Business Server 2008 Standard
or Premium Edition, Windows Server
2008 Standard Edition, Windows Small
Business Server 2003 R2 Premium Edition,
Windows 2008 Server Enterprise Edition,
or Windows Web Server 2008. If you want
to save some money, HP will also deliver a
slightly less expensive version of the system
with Novell SUSE Linux Enterprise Server 10;
Red Hat Enterprise Linux 5; VMware Virtual
Infrastructure 3 Foundation, Standard or
Enterprise; VMware ESX 3i; or Citrix XenServer
Select or Enterprise Editions.

The ML370 is very fast and essentially
ready to deploy right out of the box. My
test server came preloaded with Windows
Server 2008 Standard edition. After I supplied
the standard Sysprep values such as
server name and network configuration, the
system was up and running in a matter of
minutes. The server was noticeably quieter
than most high-powered rack-mounted
servers.

In our labs, we used this machine in
our virtualization test suite. Tests included
running eight virtual machines (VMs) with
workloads that included a mix of six file
servers and two SQL Server database workloads.
These tests were first set up using
Windows Server 2008 and Hyper-V and later
using VMware's ESX Server 3.5. The scalability
the system offered under this workload
was impressive. Even under a full load, with
all eight VMs running, the response time in
our benchmarking tests was only about 28
percent higher than running the benchmark
with a single active VM. This is excellent scalability
considering that the VMs were highly
stressed—the ML370 G5 clearly could have
supported more active VMs. For more information
about the virtualization test results,
refer to our comparison of Microsoft Hyper-V
and VMware ESX Server, InstantDoc ID
100573—I used the ML370 for those tests.

Like other servers in the HP ProLiant
line, the ML370 G5 comes bundled with a
great set of management utilities, the HP
Systems Insight Manager, and the iLO technology.
Insight Manager provides system
monitoring, the ability to send alerts, and
asset management. The built-in iLO feature
enables remote management through an
embedded Web server.

If you're looking for a server that provides
great bang for the buck, put the
ProLiant ML370 G5 right at the top of your
list. The ML370 G5 combines great value
with high performance. The support for up
to 64GB of RAM and eight expansion slots
provides excellent scalability, making it a
great choice for an application, database, or
virtualization server.

InstantDoc ID 102300 


HP ProLiant ML370 G5 

PROS: Rugged construction, excellent price-to-performance
ratio, full ESX and Hyper-V compatibility,
built-in systems management tools

CONS: The 5U size takes up a significant amount 
of rack space 

RATING: 

PRICE: Starts at $2,339; $6,956 as tested 

RECOMMENDATION: The ML370 G5 should be 
considered by anyone who needs an application, 
database, or virtualization server with plenty of 
horsepower. As long as you have the space for 
it, the ML370 is a great choice for companies of 
any size. 

CONTACT: HP • 800-752-0900 • www.hp.com

REVIEW


Lenovo ThinkStation S20 


Designed for intensive tasks such as computer-aided
design/engineering, scientific
applications, and digital content creation, 
Lenovo's ThinkStation S20 is a powerhouse. 
This desktop workstation packs a whopping 
amount of power into an affordable price 
point for any organization. 

For the purpose of my review, Lenovo 
provided me with its latest ThinkStation 
S20 and an accompanying ThinkView 24" 
LCD monitor. Lenovo's S series comprises 
the company's single-processor systems, 
whereas its D series comprises the dual-processor
systems. Even with just one processor,
this workstation positively screams: The
test system boasted Intel's W3540 Bloomfield
64-bit processor, which presented four
cores and eight logical processors to the 
pre-installed Windows Vista Business OS— 
each clocking in at 2.93GHz. Needless to say, 
the ThinkStation S20 is more than up to any 
number-crunching tasks, and the system's 
support for up to 32GB of DDR3 memory 
will ensure that you've got enough room to 
work with your largest data sets. 

The test system included Nvidia's 
Quadro FX 4800 video card—a powerhouse
of its own with its 192 CUDA parallel
processing cores and 1.5GB of onboard
memory. The Quadro card—paired with the
Bloomfield processor—delivers impressive
results in SPECviewperf v10 benchmark
tests, putting the Lenovo's single-threaded
processing scores on par with the latest
equivalent systems from competitors Dell
and HP. When I ran the four-thread version
of SPECview's performance test, the
numbers went through the roof. I was quite 
impressed with the Nvidia Quadro 4800, but 
Lenovo also sells the S20 with an ATI FirePro 
card if the Quadro card won't meet the 
needs of your application. 

The physical form factor is about what 
you'd expect. My test system came with a 
CD/DVD burner, one additional 5.25" drive 
bay, eight USB 2.0 ports (six in the rear, two 
in the front), two FireWire ports, memory 
card reader slots in the front for most of the 
major formats (SM XD, SD/MMC, MS/MS Pro,
CF), optical audio input and
output, 5.1 audio outputs, an 
external SATA (eSATA) port, a 
DB9 serial port, and a gigabit 
Ethernet connection. If you 
often move your workstations 
around, you'll like the case's 
removable "carry-handle." 

On the inside, the system
provides two PCI Express
(PCIe) x16 "Gen 2" graphics
slots, so you can drive up to
four high-resolution displays
at once—and the S20 will certainly
face multi-monitor scenarios.
In addition to the two
expansion slots for graphics
cards, there are three more
available slots on the motherboard,
should you need to
expand your system further.

My evaluation unit came 
with two Seagate Barracuda 250GB 
72000 RPM drives set up in a RAID-0 configuration,
and an empty third internal drive
bay. The system's SAS controller lets you set 
up RAID-5 configurations, and Lenovo offers 
the S20 in configurations with drives up to 
300GB in size and speeds up to 15,000rpm. 

I was also impressed by the unit's
number of onboard sensors and instrumentation.
A quick installation of System Information
for Windows (www.gtopala.com)
revealed a host of voltage, temperature, and
fan-speed sensors on the motherboard, as
well as temperature sensors on the Quadro
card and in the Xeon processor. I'm a bit of a
telemetry and system-monitoring geek, so I
appreciate the ready availability of so much
system-level information.

I feel confident giving the ThinkStation
S20 a solid recommendation for any organization.
Whether your business is digital-content
production or anything else requiring a
high level of desktop computing power, the
ThinkStation S20 is worth a serious look.

Douglas Toombs | help@toombs.us

InstantDoc ID 102332 


Lenovo ThinkStation S20 

Pros: Xeon "Bloomfield" processor paired with 
Nvidia Quadro graphics card delivers top-notch 
performance at an affordable price; built-in RAID; 
expandability to 32GB of DDR3 memory 

Cons: Only three physical expansion slots 
remain after adding the Quadro card, which 
might limit some applications 

RATING: 

Price: Starts at $1,254 

Recommendation: I highly recommend this 
system for compute-intensive workloads (e.g., 
CAD, video production, scientific apps). 

Contact: Lenovo • www.lenovo.com •
800-915-1728

Acer Aspire One

The arrival of the netbook—a small, portable
computer that falls somewhere in size
between a smartphone and a traditional
laptop—has had a profound impact on the
portable PC market. Sales of more expensive
laptops have slowed, while sales of netbooks
have been booming. While netbooks
have found a willing customer base with
consumers, how has the netbook fared with
IT professionals?

The Netbook in an IT Environment 

If the TechEd 2009 event in Los Angeles was any indication, IT pros have
embraced netbooks in a big way. Many show attendees we spoke with sang the
praises of their netbooks, pointing out the benefits of their small size, low
cost, and extreme portability. Windows IT Pro contributor David Chernicoff
recently sang the praises of his Dell Mini 9 netbook, and described how he
uses his netbook's built-in support for Bluetooth to access his cell phone
provider's Internet connection for remote access. (The full article is
available at www.windowsitpro.com, InstantDoc ID 101092).

Aspire One: Windows XP or Linux? 

I recently spent some time with two versions of the Acer Aspire One: one model
with 1GB RAM, a 120GB HDD, and pre-installed with Windows XP Home Edition
(reviewed here); and another with 512MB RAM, an 8GB SSD drive, and running
Linux (see the sidebar, "Acer Aspire One with Linpus Linux"). Both are
diminutive devices that sport 8.9" LED backlit LCD screens with 1024 x 600
resolution and integrated web camera. The Aspire One tips the scale at around
2.2 lbs, making it comparable to the size and weight of a hardcover book.

The fit and finish of the Aspire One is impressive, with smooth, beveled
surface edges and a bright, legible LCD screen. The netbook is densely packed
with components to maintain the tiny form factor, and it feels solid and
weighty despite its tiny dimensions. The keyboard features reasonably-sized
keys, although the cursor keys are a bit smaller. I found it to be fine for
typing out emails and a page or two of copy here and there, but it's somewhat
cramped for longer periods of use.


System Specs and Ports 

Despite its small size, the Aspire One manages to pack a fair amount of
computing power into a small space. While the lack of a dedicated graphics
processor and a dual-core CPU may preclude this netbook from attempting
demanding computing tasks like editing video or 3D gaming, it has more than
enough power for most business tasks. Both variants of the Aspire we tested
ship with an Intel Atom Processor with 512KB L2 cache running at 1.60GHz,
teamed with a 533MHz front side bus (FSB), and relied on the Integrated Intel
Graphics Media Accelerator 950 for graphics. Other features included an
all-in-one card reader that could read and write MultiMediaCard, Reduced-Size
MultiMediaCard, Memory Stick, Memory Stick PRO, Secure Digital, miniSD, and
microSD memory cards.

There are a surprising number of additional ports, including a VGA port,
headphone/speakers/line-out and microphone ports, an RJ-45 LAN connector, and
three USB 2.0 ports. The included 30-watt power supply seems a bit flimsy, but
the cord length seemed to be more than adequate.


Acer Aspire One with Linpus Linux

RATING: ♦♦♦OO

I also looked at a version of the Acer Aspire One that came pre-installed with
Linpus Linux Lite, a popular Linux distribution for netbooks. Other than a
white case color, both netbooks had the same external hardware configuration.
The Linux version shipped with 512MB RAM, and came equipped with an 8GB SSD
drive instead of the 120GB traditional drive found in the Windows variant.

Thanks in part to the faster SSD drive, the Aspire One running Linux booted in
mere seconds, whereas the Windows XP version took much longer to load. A
user-friendly opening screen presents users with available program
applications and options, broken down into color-coded categories. Despite the
attractive display, Linpus Linux Lite obviously isn't Windows. In fact,
numerous netbook customers have returned their Linux netbooks for a version
running Windows XP. Nearly all variants of Linux can be a bit rough around the
edges for computer novices.

While the Linux option may seem quirky and non-standard to users accustomed to
running Windows, opting for Linux does have some advantages. First, there is
the aforementioned boot speed; even accounting for the SSD drive, Linpus Linux
Lite boots much faster than Windows XP. Versions of the Aspire One
pre-installed with Linux also tend to be a bit less expensive (about $20-$30)
than versions installed with Windows.

If you're an IT admin running Windows, the convenience and familiarity of
having a netbook running Windows XP will likely make that option a better
choice. Yet in an era when more consumers are leveraging the Internet for
their computing needs, an inexpensive netbook running Linux—especially for the
computer-savvy—can serve as an ideal platform for checking your webmail,
editing and uploading photos to Flickr, working on short documents, or
visiting social networking sites such as Facebook.

The IT industry has historically been locked in an ongoing upgrade cycle that
involves Microsoft releasing powerful new software that needs powerful new
hardware to run properly. That model may have worked with success for the past
two decades, but does the belly-flop failure of Windows Vista and the arrival
(and booming popularity) of low-cost netbooks mean that the old upgrade model
is broken? If you can use a powerful, inexpensive, low-cost computing
device—paired with the rapid development and availability of free web apps and
services—to accomplish your basic computing needs, do you really need to
upgrade your PC and OS every 2 years? I guess we'll see.

In Operation: Battery Life Woes 

I tested the Aspire One on the road and in an office environment, and it ran
most of what I threw at it without problems. This version of the Aspire came
with a trial version of Microsoft Office 2007, but I was able to install and
run OpenOffice 3.0 without any trouble. The Aspire One excels as a travel
companion, being much easier to manage in those cramped airline seats. One
major gripe, however, is with the battery life, particularly if you're using
the default 3-cell lithium-ion battery.

At best, I could get a bit over two hours of life out of the standard
batteries, which is pretty anemic, especially when compared to full-size
laptops that give you two to three times that. Third-party 6-cell battery
upgrades are available, however, and should be one of the first accessories
you purchase if you end up buying one of these. (See "Add more battery life to
your netbook," InstantDoc ID 101573, to learn more.)

A Valuable Companion 

After spending many weeks with the Aspire One, I'm convinced that netbooks are
here to stay. Netbook manufacturers are already hard at work on the next
generation of netbooks, with new products like the Lenovo IdeaPad S12 (teamed
with Nvidia's ION graphics processor) promising to address some of my gripes
about weak video performance.

But what about the Aspire One? It's arguably one of the finest netbooks on the
market today, and capably fills the functionality gap between a smartphone and
a full-sized laptop. It may not replace more powerful systems at your
disposal, but it can be a valuable addition to your computing arsenal.


Are you using a netbook in an IT environment? Let us know what you think by
taking our netbook quick poll, which you can find at www.windowsitpro.com,
InstantDoc ID 101360.

InstantDoc ID 102298 

Acer Aspire One 

PROS: Lightweight; small, efficient hardware 
design; surprising performance and flexibility; 
could be a laptop alternative for many IT pros. 

CONS: Anemic battery life; cramped keyboard 
may be cumbersome for some users; more 
expensive than some comparable netbooks. 

RATING: 

PRICE: $300-$400 

RECOMMENDATION: The Aspire One is a good
choice for IT pros seeking a device to handle
basic mobile computing needs, as long as you
upgrade the battery or don't mind being tethered
to an outlet for prolonged use.

CONTACT: Acer • (403) 533-7700 • 
www.acer.com 
INDUSTRY BYTES

Exchange

INSIGHTS FROM THE INDUSTRY


Exchange 2007 SP2 Brings Back the Backup 


Since the release of the public beta of Microsoft Exchange Server 2010,
there's been a lot of news coming out about Exchange. TechEd 2009 in Los
Angeles generated messaging news as well. Perhaps getting a little lost in
this flood of information was the announcement on the Microsoft Exchange team
blog that Service Pack 2 (SP2) for Exchange Server 2007 will be released in Q3
of 2009. The recent focus from the Exchange team on Exchange 2010 has caused
some Exchange administrators to question whether Microsoft would still produce
another service pack for Exchange 2007.

The big news in this SP2 announcement is the inclusion of a plug-in that will
let you use Windows Server 2008's Backup utility to perform Volume Shadow Copy
Service (VSS)-based backups of your Exchange 2007 organization. Nino Bilic of
the Exchange team followed up the original post with a new post on just this
feature. The key takeaway here is that this backup method, while
Exchange-aware, is not Exchange only: Windows Server Backup backs up the
entire volume at a go.

The lack of a native backup function with Exchange 2007 on Server 2008 has
been a real sore spot for a lot of Exchange admins. Obviously this plug-in
will be welcome news; it's sort of a shame it's been such a long time coming.
Microsoft has been talking a great deal about increased interoperability
recently, yet here it feels like they forgot to engineer a basic feature to
let their own programs fully interoperate.

But don't think for a moment that this new backup capability is the only thing
to look forward to with Exchange 2007 SP2—'cause wait, there's more! The
service pack will add new Exchange auditing events as well as a dedicated
audit log repository. Although the blog post doesn't tell us what these new
events are, the intent is
to let you more easily keep track of your Exchange environment, which seems
like a perfectly excellent idea. You'll also find that you have control of
diagnostic logging through Exchange Management Console; previously this was
one of those things that required PowerShell commands through Exchange
Management Shell. So, score one for the GUI fans.

However, the Exchange team hasn't forgotten fans of the shell: Exchange 2007
SP2 will also feature some new and revised PowerShell cmdlets. Specifically,
you'll find improved cmdlets for public folder quota management, and new
cmdlets to let you centrally manage many organizational settings for your
Exchange environment. Also, you'll be able to monitor named properties usage
on a per-database level through PowerShell.

According to the blog, Exchange 
2007 SP2 "sets the foundation for the 
transition to Exchange Server 2010." So 
another of the new features is dynamic 
Active Directory (AD) schema update and 
validation. This feature will help prevent 
conflicts when a new property is added to 
the AD schema, and should make future 
schema updates easier to manage, which 
I'm guessing is where that "foundation 
for the transition" part comes in. SP2 is a 
requirement if you want to run Exchange 
2007 and Exchange 2010 in a coexistence 
scenario. 

Although the Exchange team blog post 
is a little light on actual details about these 
announced features, it's good at least to 
know that Exchange 2007 hasn't been cast 
off with the same disregard as Windows 
Vista was at the first sight of Windows 7. 
Look for Exchange 2007 SP2 to be available 
sometime in Q3.

--B. K. Winstead 

InstantDoc ID 102118 
In the wake of Microsoft's recent decision to discontinue its Money product
line, we're reminded of an old Abbott & Costello parody, widely disseminated
across the Interwebs. For old times' sake—and to entertain some of you who
might not have read it before—we reprint it here. The setup is that, if Bud
Abbott and Lou Costello were alive today, their famous "Who's on First?"
sketch might look something like this:

Abbott: “Super Duper Computer Store, may I help you?”

Costello: “Yes, I’m setting up an office, and I’m thinking about buying a computer.”

Abbott: “Mac?”

Costello: “No, the name’s Lou.”

Abbott: “Your computer?”

Costello: “I don’t own a computer. I want to buy one.”

Abbott: “Mac?”

Costello: “I told you, my name’s Lou.”

Abbott: “OK, what about Windows?”

Costello: “Why? Will it get stuffy in here?”

Abbott: “Do you want a computer with Windows?”

Costello: “I don’t know. What will I see when I look at the windows?”

Abbott: “Wallpaper.”

Costello: “Never mind the windows. I just need a computer and software.”

Abbott: “Software for Windows?”

Costello: “No, on the computer! I need something I can use to write proposals, track expenses, and run my business. What do you have?”

Abbott: “Office.”

Costello: “Yeah, for my office. Can you recommend anything?”

Abbott: “I just did.”

Costello: “You just did what?”

Abbott: “I recommended something.”

Costello: “You recommended something?”

Abbott: “Yes.”

Costello: “For my office?”

Abbott: “Yes.”

Costello: “OK, what did you recommend for my office?”

Abbott: “Office.”

Costello: “Yes, for my office!”

Abbott: “I recommend Office with Windows.”

Costello: “I already have an office with windows! OK, let’s just say I’m sitting at my computer and I want to type a proposal. What do I need?”

Abbott: “Word.”

Costello: “What word?”

Abbott: “Word in Office.”

Costello: “The only word in office is office.”

Abbott: “The Word in Office for Windows.”

Costello: “Which word in office for windows?”

Abbott: “The Word you get when you click the blue ‘W.’”

Costello: “I’m going to click your blue ‘w’ if you don’t give me some straight answers. What about financial bookkeeping? You have anything I can track my money with?”

Abbott: “Money.”

Costello: “That’s right. What do you have?”

Abbott: “Money.”

Costello: “I need money to track my money?”

Abbott: “It comes bundled with your computer.”

Costello: “What’s bundled with my computer?”

Abbott: “Money.”

Costello: “Money comes with my computer?”

Abbott: “Yes. No extra charge.”

Costello: “I get a bundle of money with my computer? How much?”

Abbott: “One copy.”

Costello: “Isn’t it illegal to copy money?”

Abbott: “Microsoft gave us a license to copy Money.”

Costello: “They can give you a license to copy money?”

Abbott: “Why not? They own it!”

(A few days later)

Abbott: “Super Duper Computer Store. May I help you?”

Costello: “How do I turn my computer off?”

Abbott: “Click Start...”